Internal error returned from within gnutls_certificate_set_openpgp_key()

Joke de Buhr joke at
Tue Sep 18 19:32:45 CEST 2012

well, it seems this error has something to do with the flags of the 
authentication subkey.

if the subkey is marked for authentication and signing 
gnutls_certificate_set_openpgp_key() will report an internal error. if the 
subkey is not marked for signing the function reports success. the encryption 
flags doesn't seem to matter.


On Tuesday 18 September 2012 11:34:18 you wrote:
> hi,
> i'm using GnuTLS version 3.1.1.
> there seems to be a problem within gnutls_certificate_set_openpgp_key().
> gnutls_certificate_set_openpgp_key() uses gnutls_privkey_import_openpgp()
> (flag GNUTLS_PRIVKEY_IMPORT_COPY) to obtain a copy of the passed private
> key. copying is done calling _gnutls_openpgp_privkey_cpy() with in turn
> calls gnutls_openpgp_privkey_export() and gnutls_openpgp_privkey_import().
> during this copying procedure the key somehow gets messed up and
> gnutls_openpgp_privkey_import() returns GNUTLS_E_INTERNAL_ERROR.
> importing the private key with gnutls_openpgp_privkey_import() in the first
> place to pass the parameter to gnutls_certificate_set_openpgp_key() worked
> without problem. the pgp-key contains a master-key with flags SCE and a
> single subkey with flags SEA. using a pgp-key with just a master-key seems
> to work by the way.
> if needed i'm can provide a test program and the gpg-key.
> regards
> Joke
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 729 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20120918/b68f2092/attachment.pgp>

More information about the Gnutls-help mailing list