Internal error returned from within gnutls_certificate_set_openpgp_key()

Joke de Buhr joke at seiken.de
Sat Sep 22 20:53:21 CEST 2012


On Friday 21 September 2012 18:12:24 you wrote:
> On 09/21/2012 11:37 AM, Joke de Buhr wrote:
> > hi,
> > 
> > i discovered the internal error seems to be related to the openpgp key
> > size. if the key contains just a single signing subkey with 2048 or more
> > bits gnutls reports the internal error. a signing subkey with 1024 bits
> > will however.
> > 
> > moreover the key can contain encryption subkeys up to 4096 bits without
> > problem as long as the encryption subkey isn't marked for signing. the
> > authentication flag doesn't seem to have any effect at all.
> > 
> > the problem seems to be related to the key exchange algorithm. the
> > signature flag enables DHE_RSA and ECDHE_RSA whereas the encryption flag
> > enables RSA key exchange.
> > any comments on how to avoid this problem?
> 
> Sorry for the late reply. What you say about the sizes could be because
> of a static buffer used in gnutls. Could you enable debugging to figure
> out which place rejects the long keys?

gnutls version 3.1.1

the internal error occurs with "lib/openpgp/privkey.c" during reimporting the 
private key "gnutls_openpgp_privkey_import()" line 111.

the key is exported into memory and imported from memory later on. the buffer 
created for the export is exactly as big as the binary format export from 
gnupg2. i did a memory dump via gdb and discovered the dumped key and the
original gnupg key differ in some places. the differences are located within
the files. gnupg seems to be able to import the dumped key again.

i traced the origin of the error value back to read_subpkt(), originating from

#0 read_subpkt() at opencdk/read-packet.c:609
#1 read_signature() at opencdk/read-packet.c:788
#2 cdk_pkt_read() at opencdk/read-packet.c:1076
#3 cdk_keydb_get_keyblock() at opencdk/keydb.c:1820
#4 cdk_kbnode_read_from_mem() at opencdk/kbnode.c:426
#5 gnutls_openpgp_privkey_import() at openpgp/privkey.c:184
#6 _gnutls_openpgp_privkey_cpy() at openpgp/privkey.c:110
#7 gnutls_privkey_import_openpgp() at gnutls_privkey.c:590
#8 gnutls_certificate_set_openpgp_key() at openpgp/gnutls_openpgp.c:106
#9 main() at /dev/shm/test.c++:61


read_subpkt sets nbytes in "read-packet.c:792". the nbytes is subtracted from
size.

size = 574 and nbytes = 706. the new value of size is 18446744073709551484.
there seems to be a problem with the expected size of the subpacket and the
calculated size (nbytes) of the subpacket. why these values differ i do not
know. but the functions seem to be doing what they are supposed to be doing.

if you need further information i need to know what i should be looking for.

> About the signing flags, you need them in order to use DHE-RSA and
> ECDHE-RSA. Those two require RSA signatures. The RSA algorithm requires
> an RSA encryption key. Does this explain what you notice?

rfc6091 and the old rfc5081 both state in section 3.3:


Key Exchange Algorithm    OpenPGP Certificate Type

RSA       -   RSA public key that can be used for encryption.
DHE_DSS   -   DSA public key that can be used for authentication.
DHE_RSA   -   RSA public key that can be used for authentication.


i don't know enough of openpgp certificate internals but the rfc doesn't
mention anything about a signing capable certificate. the gnutls documentation
on the other hand states in section 4 that to use DHE_RSA the key must be capable
of signing.

which capabilities are actually required? is the rfc wrong or didn't i read it
carefully enough? to be honest i skimmed it.


regards
joke

> regards,
> Nikos
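
The size/nbytes wrap-around reported in the message above (574 - 706 on an unsigned size), shown as an added example that is not part of the original e-mail and is not GnuTLS or OpenCDK code. The function names and the sample byte arrays are hypothetical; the walker assumes signature subpacket lengths encoded as in RFC 4880 section 5.2.3.1 and checks each length against the remaining area before subtracting.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The bookkeeping described in the message: size_t is unsigned, so when
   nbytes > size the result wraps around instead of going negative. */
size_t remaining_unchecked(size_t size, size_t nbytes) { return size - nbytes; }

/* Decode one subpacket length header (RFC 4880, section 5.2.3.1).
   Returns the header octets used, or 0 if the header is truncated. */
static size_t subpkt_len(const uint8_t *p, size_t avail, size_t *len) {
    if (avail < 1) return 0;
    if (p[0] < 192) { *len = p[0]; return 1; }
    if (p[0] < 255) {
        if (avail < 2) return 0;
        *len = ((size_t)(p[0] - 192) << 8) + p[1] + 192;
        return 2;
    }
    if (avail < 5) return 0;
    *len = ((size_t)p[1] << 24) | ((size_t)p[2] << 16) | ((size_t)p[3] << 8) | p[4];
    return 5;
}

/* Walk a subpacket area whose declared length is `size`. Returns the number
   of subpackets, or -1 if any subpacket claims more than is left. */
int walk_subpkt_area(const uint8_t *buf, size_t size) {
    int count = 0;
    while (size > 0) {
        size_t len = 0, hdr = subpkt_len(buf, size, &len);
        if (hdr == 0 || len > size - hdr) return -1; /* check BEFORE subtracting */
        buf += hdr + len;
        size -= hdr + len;
        count++;
    }
    return count;
}

/* Constructed sample areas (not taken from the key in the message). */
const uint8_t area_ok[]  = {0x05, 0x02, 0x50, 0x5e, 0x0b, 0x31, 0x02, 0x1b, 0x03};
const uint8_t area_bad[] = {0x05, 0x02, 0x50, 0x5e, 0x0b, 0x31, 0x40, 0x1b, 0x03};

int main(void) {
    printf("unchecked: %zu\n", remaining_unchecked(574, 706));
    printf("ok area:   %d\n", walk_subpkt_area(area_ok, sizeof area_ok));
    printf("bad area:  %d\n", walk_subpkt_area(area_bad, sizeof area_bad));
    return 0;
}
```

On a platform with a 64-bit size_t the first line of output is the same 18446744073709551484 quoted in the message.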