Internal error returned from within gnutls_certificate_set_openpgp_key()
nmav at gnutls.org
Fri Sep 21 18:12:24 CEST 2012
On 09/21/2012 11:37 AM, Joke de Buhr wrote:
> i discovered the internal error seems to be related to the openpgp key size.
> if the key contains just a single signing subkey with 2048 or more bits gnutls
> reports the internal error. a signing subkey with 1024 bits will however.
> moreover the key can contain encryption subkeys up to 4096 bits without
> problem as long as the encryption subkey isn't marked for signing. the
> authentication flags don't seem to have any effect at all.
> the problem seems to be related to the key exchange algorithm. the signature
> flag enables DHE_RSA and ECDHE_RSA whereas the encryption flag enables RSA key
> any comments on how to avoid this problem?
Sorry for the late reply. What you say about the sizes could be because
of a static buffer used in gnutls. Could you enable debugging to figure
out which place rejects the long keys?
About the signing flags, you need them in order to use DHE-RSA and
ECDHE-RSA. Those two require RSA signatures. The RSA algorithm requires
an RSA encryption key. Does this explain what you notice?
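
The flag-to-key-exchange relationship described in the reply, as an added example that is not part of the original message and is not GnuTLS code. The `KX_*` names, the `subkey` struct and both functions are hypothetical, all subkeys are assumed to be RSA, and the 2048-bit threshold is the one from the quoted report, not a confirmed GnuTLS limit.

```c
#include <stdio.h>
#include <stddef.h>

/* OpenPGP key-flag bits (RFC 4880, section 5.2.3.21). */
#define PGP_SIGN         0x02
#define PGP_ENCRYPT_COMM 0x04
#define PGP_ENCRYPT_STOR 0x08
#define PGP_AUTH         0x20

/* Hypothetical bitmask for the key exchanges named in the thread. */
#define KX_RSA       0x1   /* key must be usable for RSA encryption */
#define KX_DHE_RSA   0x2   /* key must be usable for RSA signatures */
#define KX_ECDHE_RSA 0x4   /* key must be usable for RSA signatures */

struct subkey { unsigned bits; unsigned flags; };  /* RSA assumed */

/* Which key exchanges can a key with these subkeys serve? */
unsigned kx_for_key(const struct subkey *k, size_t n)
{
    unsigned kx = 0;
    for (size_t i = 0; i < n; i++) {
        if (k[i].flags & PGP_SIGN)
            kx |= KX_DHE_RSA | KX_ECDHE_RSA;
        /* Assumption: either encryption flag counts as "encryption". */
        if (k[i].flags & (PGP_ENCRYPT_COMM | PGP_ENCRYPT_STOR))
            kx |= KX_RSA;
        /* PGP_AUTH is deliberately ignored, as the report observed. */
    }
    return kx;
}

/* Index of the first signing subkey of 2048+ bits, the case the quoted
 * report associates with the internal error; -1 if there is none. */
int first_large_signing_subkey(const struct subkey *k, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if ((k[i].flags & PGP_SIGN) && k[i].bits >= 2048)
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed sample key: 2048-bit signing + 4096-bit encryption. */
    struct subkey key[] = { {2048, PGP_SIGN}, {4096, PGP_ENCRYPT_COMM} };
    printf("kx mask: 0x%x, suspect subkey: %d\n",
           kx_for_key(key, 2), first_large_signing_subkey(key, 2));
    return 0;
}
```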