[Help-gnutls] Re: PKCS#8 incompatibility? between OpenSSL and GnuTLS

Simon Josefsson simon at josefsson.org
Wed Jun 3 15:25:16 CEST 2009


"Kukosa, Tomas" <tomas.kukosa at siemens-enterprise.com> writes:

> Hi,
>  
> I have recived PKCS#12 file created with OpenSSL 0.9.7e which I can not
> read in GnuTLS 2.7.12 but I still can read it in any OpenSSL.

Hi!  Interesting report, I'm debugging it now.

> BTW 0,8% is near to 1/128 or to 1/120 but it could be just random :-)

This suggests some parsing problem, maybe in the PKCS#12 string2key
function.  The 3DES keys for three of the four PEM's happened to start
with 00.  The fourth PEM didn't start with 00, but the IV is also
derived using the string2key function, so maybe there is a similar
problem there.  Could be some DES parity bit issue as well.

I'll instrument openssl to print the decryption keys it compute, if
there is a mismatch I've confirmed the theory.

/Simon





More information about the Gnutls-help mailing list