[Help-gnutls] Re: TLS/OpenPGP draft expiring soon

Simon Josefsson simon at josefsson.org
Fri Jan 19 15:08:57 CET 2007

Also, creating examples and a self test for the OpenPGP stuff would be
useful.  Have you managed to get it to work at all?  I tried this:

jas at mocca:~/src/gnutls$ gpg -a --export-secret-keys b565716f > ~/privkey.gpg

The above step would be nice to avoid, btw, although I'm not exactly
sure which file formats are supported/required.  This area seems

Starting the server:

jas at mocca:~/src/gnutls$ /home/jas/src/gnutls/src/gnutls-serv --pgpkeyring ~/.gnupg/pubring.gpg --pgptrustdb ~/.gnupg/secring.gpg --pgpkeyfile ~/privkey.gpg --pgpcertfile ~/josefsson.org/key.txt
Echo Server ready. Listening to port '5556'.

Error in handshake
Error: Decryption has failed.

Starting the client:

jas at mocca:~/src/gnutls$ /home/jas/src/gnutls/src/gnutls-cli --pgpkeyring ~/.gnupg/pubring.gpg --pgptrustdb ~/.gnupg/secring.gpg --pgpkeyfile ~/privkey.gpg --pgpcertfile ~/josefsson.org/key.txt --port 5556 localhost
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to ''...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [20]: Bad record MAC
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
jas at mocca:~/src/gnutls$

Enabling debugging in the server indicates this:

|<2>| ASSERT: gnutls_pk.c:283
|<2>| ASSERT: auth_rsa.c:258
|<1>| auth_rsa: Possible PKCS #1 format attack

However, if I look at the decrypted RSA signature, it is just garbage.
Probably it is using the wrong private or public key.

I think the OpenPGP integration in GnuTLS generally needs some TLC,
and if you have time to work on it, that would be appreciated.
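
Added example, not part of the original message and not GnuTLS code: a toy model of the RSA key exchange showing how a private key that does not match the certificate produces both symptoms above, a PKCS #1 padding failure on the server and a Bad record MAC seen by the client. The keys are constructed from well-known primes, and the HMAC is a simplified stand-in for the TLS Finished/record MAC; all function names are hypothetical.

```python
import hashlib, hmac, os

E = 65537

def make_key(p, q):
    """Return (n, d) for a toy RSA key built from two known primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys from well-known primes; not keys from the post.
CERT_KEY = make_key(2**255 - 19, 2**256 - 2**32 - 977)  # key in the certificate
OTHER_KEY = make_key(2**521 - 1, 2**607 - 1)            # unrelated private key

def client_encrypt(premaster, n):
    """PKCS #1 v1.5 type 2: 00 02 <nonzero padding> 00 <premaster>."""
    k = (n.bit_length() + 7) // 8
    pad = bytes(b % 255 + 1 for b in os.urandom(k - 3 - len(premaster)))
    em = b"\x00\x02" + pad + b"\x00" + premaster
    return pow(int.from_bytes(em, "big"), E, n)

def server_premaster(ciphertext, key):
    """Decrypt; on bad padding, continue with a random secret (no early alert)."""
    n, d = key
    k = (n.bit_length() + 7) // 8
    em = pow(ciphertext, d, n).to_bytes(k, "big")
    sep = em.find(b"\x00", 2)
    ok = em[:2] == b"\x00\x02" and sep >= 10 and len(em) - sep - 1 == 48
    if not ok:
        # Countermeasure TLS specifies against Bleichenbacher-style probing:
        # the failure only surfaces later, as a MAC mismatch.
        return os.urandom(48), False
    return em[sep + 1:], True

def finished_mac(premaster):
    """Simplified stand-in for the MAC both sides derive from the premaster."""
    return hmac.new(premaster, b"handshake transcript", hashlib.sha1).digest()

def handshake(server_key):
    """Return (padding_ok, macs_agree) for one simulated key exchange."""
    premaster = b"\x03\x01" + os.urandom(46)  # 48-byte TLS premaster secret
    c = client_encrypt(premaster, CERT_KEY[0])
    secret, padding_ok = server_premaster(c, server_key)
    agree = hmac.compare_digest(finished_mac(premaster), finished_mac(secret))
    return padding_ok, agree

if __name__ == "__main__":
    print("matching key:  ", handshake(CERT_KEY))
    print("mismatched key:", handshake(OTHER_KEY))
```
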
