[gnutls-help] new EC cert: Received alert [51]: Decrypt error

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Apr 11 14:18:23 CEST 2014

On Fri, Apr 11, 2014 at 4:39 AM, Mark Oteiza <mvoteiza at udel.edu> wrote:

>>> $ openssl req -nodes -newkey ec:key -x509 -days 730 -out cert
>> Here you generate another key,
> privkey.pem
>> and a certificate for that key in cert.
> Right, these two files which I combine into foo.pem and feed to s_client.
>> I wouldn't expect any program to work with that combination. GnuTLS
>> should have warned about the key mismatch though.
> I see now that the combinations I used are different for s_client than
> gnutls-cli; totally wrong for the latter.  Thanks for pointing that out.
> I am still unsure of what to do with gnutls-cli.

I see. The format of the private key generated by
openssl ecparam -name secp521r1 -genkey -out key
is different than the format generated by:
openssl req -nodes -newkey ec:key -x509 -days 730 -out cert

The latter is an EC private key encoded using PKCS #8 (BEGIN PRIVATE
KEY header), but does not contain the curve that corresponds to the

openssl asn1parse -inform der -in /tmp/der
    0:d=0  hl=3 l= 211 cons: SEQUENCE
    3:d=1  hl=2 l=   1 prim: INTEGER           :01
    6:d=1  hl=2 l=  66 prim: OCTET STRING      [HEX
   74:d=1  hl=3 l= 137 cons: cont [ 1 ]
   77:d=2  hl=3 l= 134 prim: BIT STRING

It does however, place the curve name on the privateKeyAlgorithm
parameters. I guess we would have to parse this format as well.

The former (BEGIN EC PRIVATE KEY header) on the other hand does
contain it (sec521r1).
$ openssl asn1parse -in key
    0:d=0  hl=3 l= 220 cons: SEQUENCE
    3:d=1  hl=2 l=   1 prim: INTEGER           :01
    6:d=1  hl=2 l=  66 prim: OCTET STRING      [HEX
   74:d=1  hl=2 l=   7 cons: cont [ 0 ]
   76:d=2  hl=2 l=   5 prim: OBJECT            :secp521r1
   83:d=1  hl=3 l= 137 cons: cont [ 1 ]
   86:d=2  hl=3 l= 134 prim: BIT STRING

That's the reason gnutls fails to parse the PKCS #8 key. What I can
suggest though, is to either use certtool to generate the private key
and certificate, or try to generate a non-PKCS #8 EC key file with
openssl that corresponds to your certificate.


More information about the Gnutls-help mailing list