[gnutls-devel] GnuTLS | System key usability issue (#1365)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon May 16 17:19:39 CEST 2022

David Woodhouse created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1365

In https://gitlab.com/openconnect/openconnect/-/issues/432 I have a Windows user (@juxeii) attempting to use system keys.

It seems that the GnuTLS 'systemkey' tool is not installed, so it isn't really available to users. I provided one of my own but it doesn't seem to print any meaningful label just opaque hex IDs:
Label: (null)
Cert: system:win:id=37835fdcdfe2817ee22d6b161e54812fe95867fe;type=cert
Key: system:win:id=37835fdcdfe2817ee22d6b161e54812fe95867fe;type=privkey

Label: (null)
Cert: system:win:id=cd8469175c3bed4e2a9bbe7471019f2e9327943d;type=cert
Key: system:win:id=cd8469175c3bed4e2a9bbe7471019f2e9327943d;type=privkey

Label: (null)
Cert: system:win:id=b2b139644c0a13aabc820969e2d97bb997596b66;type=cert
Key: system:win:id=b2b139644c0a13aabc820969e2d97bb997596b66;type=privkey

How does the user relate these to the keys they see in certlm? Why are there only three? What do I tell the user other than "There is some magic string starting with `system:win:` which will make it use the key you want" ?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1365
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220516/f42b12cd/attachment-0001.html>

More information about the Gnutls-devel mailing list