Re: Authenticating with OpenPGP certificates with primary keys marked S2
From: Nikos Mavrogiannopoulos
Subject: Re: Authenticating with OpenPGP certificates with primary keys marked S2K_GNU_EXT fails
Date: Mon, 30 Jan 2012 22:07:17 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16
On 01/30/2012 06:31 AM, Sean Buckheister wrote:
> Hello,
>
> today I stumbled across a (from my point of view) major problem with
> OpenPGP certificate handling: it doesn't work when a certificate has no
> private keying material in its primary key.
>
> Apparently, the ability to read such keys was added to the library in
> late 2008 [0], but only the loader was touched. Loading such a key fails
> when used for TLS authentication, even when there is at least one
> unencrypted, active subkey with Sign/Authenticate capabilities.
[...]
> This finally fails, reading the S2K. Somehow the packet gets shortened
> by two bytes during export. This is due to the exporter not knowing
> about S2K_GNU_EXT; telling it how long one of those S2Ks is fixes the
> problem nicely. A patch that does this (three lines in total, but about
> a day's worth of digging through code) is attached.
Thank you! The patch has been applied.
Nikos
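
Added example, not part of the original message and not the GnuTLS/OpenCDK code or the attached patch: a sketch of S2K specifier sizing that knows about the GNU extension, so a re-export copies the whole specifier. The function names and sample bytes are constructed for illustration; the layout assumed is RFC 4880 section 3.7.1 plus GnuPG's private type 101.

```python
# S2K specifier types: RFC 4880 section 3.7.1, plus GnuPG's private type 101.
S2K_SIMPLE, S2K_SALTED, S2K_ITERSALTED, S2K_GNU_EXT = 0, 1, 3, 101
FIXED_LEN = {S2K_SIMPLE: 2, S2K_SALTED: 10, S2K_ITERSALTED: 11}
# GnuPG protection modes 1001 and 1002 are stored on the wire as mode - 1000.
GNU_DUMMY, GNU_DIVERT_TO_CARD = 1, 2


def s2k_length(buf: bytes, off: int = 0) -> int:
    """Return how many octets the S2K specifier starting at buf[off] occupies."""
    if off >= len(buf):
        raise ValueError("no S2K specifier at offset")
    kind = buf[off]
    if kind in FIXED_LEN:
        need = FIXED_LEN[kind]
    elif kind == S2K_GNU_EXT:
        # Layout: type(1) hash-algo(1) "GNU"(3) mode(1) [serial-len(1) serial(n)]
        if buf[off + 2:off + 5] != b"GNU" or off + 6 > len(buf):
            raise ValueError("malformed GNU S2K extension")
        mode = buf[off + 5]
        if mode == GNU_DUMMY:
            need = 6  # no secret material stored at all
        elif mode == GNU_DIVERT_TO_CARD and off + 7 <= len(buf):
            need = 7 + buf[off + 6]  # stub pointing at a smartcard serial
        else:
            raise ValueError("truncated or unsupported GNU S2K mode")
    else:
        # Fail loudly: a guessed size would shorten or lengthen the re-export.
        raise ValueError(f"unknown S2K type {kind}")
    if off + need > len(buf):
        raise ValueError("truncated S2K specifier")
    return need


def copy_s2k(buf: bytes, off: int = 0) -> bytes:
    """Copy exactly the specifier bytes, as a re-exporting writer must."""
    return buf[off:off + s2k_length(buf, off)]


# Constructed samples (not taken from a real key).
DUMMY_S2K = bytes([101, 2]) + b"GNU" + bytes([1])            # stub primary key
SALTED_S2K = bytes([3, 2]) + bytes(range(8)) + bytes([96])   # iterated+salted
```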