[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: TLS/OpenPGP draft expiring soon
From: |
Simon Josefsson |
Subject: |
[Help-gnutls] Re: TLS/OpenPGP draft expiring soon |
Date: |
Fri, 19 Jan 2007 15:08:57 +0100 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.92 (gnu/linux) |
Also, creating examples and a self test for the OpenPGP stuff would be
useful. Have you managed to get it to work at all? I tried this:
address@hidden:~/src/gnutls$ gpg -a --export-secret-keys b565716f >
~/privkey.gpg
The above step would be nice to avoid, btw, although I'm not exactly
sure which file formats are supported/required. This area seems
under-documented.
Starting the server:
address@hidden:~/src/gnutls$ /home/jas/src/gnutls/src/gnutls-serv --pgpkeyring
~/.gnupg/pubring.gpg --pgptrustdb ~/.gnupg/secring.gpg --pgpkeyfile
~/privkey.gpg --pgpcertfile ~/josefsson.org/key.txt
Echo Server ready. Listening to port '5556'.
Error in handshake
Error: Decryption has failed.
Starting the client:
address@hidden:~/src/gnutls$ /home/jas/src/gnutls/src/gnutls-cli --pgpkeyring
~/.gnupg/pubring.gpg --pgptrustdb ~/.gnupg/secring.gpg --pgpkeyfile
~/privkey.gpg --pgpcertfile ~/josefsson.org/key.txt --port 5556 localhost
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [20]: Bad record MAC
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
address@hidden:~/src/gnutls$
Enabling debugging in the server indicate this:
|<2>| ASSERT: gnutls_pk.c:283
|<2>| ASSERT: auth_rsa.c:258
|<1>| auth_rsa: Possible PKCS #1 format attack
However, if I look at the decrypted RSA signature, it is just garbage.
Probably it is using the wrong private or public key.
I think the OpenPGP integration in GnuTLS generally needs some TLC,
and if you have time to work on it, that would appreciated.
Thanks,
Simon