Authenticating with OpenPGP certificates with primary keys marked S2K_GNU_EXT fails
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Jan 30 22:07:17 CET 2012
On 01/30/2012 06:31 AM, Sean Buckheister wrote:
> Hello,
>
> today I stumbled across a (from my point of view) major problem with
> OpenPGP certificate handling: it doesn't work when a certificate has no
> private keying material in it's primary key.
>
> Apparently, the ability to read such keys was added to the library in
> late 2008 [0], but only the loader was touched. Loading such a key fails
> when used for TLS authentication, even when there is at least one
> unencrypted, active subkey with Sign/Authenticate capabilities.
[...]
> This finally fails, reading the S2K. Somehow the packet gets shortened
> by two bytes during export. This is due to the exporter not knowing
> about S2K_GNU_EXT, telling it how long one of those S2Ks is fixes the
> problem nicely. A patch that does this (three lines in total, but about
> a day worth of digging through code) is attached.
Thank you! The patch has been applied.
Nikos
More information about the Gnutls-devel
mailing list