[gnutls-devel] GnuTLS | gnutls_certificate_set_x509_key_file - private key (#1123)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Nov 20 17:01:01 CET 2020
Achim Kraus created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1123
I'm currently wondering, why gnutls version 3.5.18 and 3.6.15 reject to read a ec-private key generated by the java keytool.
Using a demo key
```
-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBgNuyqKuRW0RxU1DVs
aEpBPtVRVLRZYq6hZRzvZ6igBw==
-----END PRIVATE KEY-----
```
for `gnutls_certificate_set_x509_key_file` I get:
"gnutls_certificate_set_x509_key_file: 'ASN1 parser: Error in DER parsing.'"
Using:
```
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgYDbsqirkVtEcVNQ1
bGhKQT7VUVS0WWKuoWUc72eooAehRANCAAQUaejXTuQWAngC8AFC+IT2FMmUR4Hj
B9LcvnxDknyytbFK6cSCeIht+vSnxKHD4LVcBzMXEmufxKMUJWo4qOuu
-----END PRIVATE KEY-----
```
works.
The difference is the explicit public key as bit-string.
According [RFC 5915 - 3. Elliptic Curve Private Key Format](https://tools.ietf.org/html/rfc5915#section-3)
> Though the ASN.1 indicates publicKey is OPTIONAL, implementations that conform to this document SHOULD always include the publicKey field.
that field is optional. Even the `SHOULD` doesn't justify, why it seems to be required.
Using `gnutls_certificate_set_x509_simple_pkcs12_file` unfortunately also fails.
Is there a trick, how to use the private key without the optional public one?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1123
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20201120/fba83387/attachment.html>
More information about the Gnutls-devel
mailing list