Hello, everyone
Currently, GnuPG cannot import PKCS#12 files protected with passwords
longer than 31 bytes, giving a long series of error messages while
trying to interpret the given password with all implemented character
sets.
Before I file a bug report: Is there any good reason for limiting the
password length for PKCS#12 files to 63/2 = 31 bytes in line 354 of
"sm/minip12.c"?
Neither in the comments nor in the code below I can find any reason for
a limit smaller than 63 bytes, and other software like OpenSSL allows
for even longer passwords.
Should there be no such reason, I'd suggest to modify the limit in line
354 of "sm/minip12.c". I did not test it, but as far as I can see, the
rest of the code can handle up to 63 bytes, so this might be a
reasonable limit forced by the current implementation.
Best regards
--
Rainer Perske
Systemdienste + Leiter der Zertifizierungsstelle (WWUCA)
--
Westf?lische Wilhelms-Universit?t (WWU) M?nster
WWU IT
Rainer Perske, Systemdienste
R?ntgenstra?e 7-13, Raum 006
48149 M?nster
Tel.: +49 251 83-31582
E-Mail: rainer.perske@uni-muenster.de
Website: www.uni-muenster.de/it
Zertifizierungsstelle (WWUCA):
Tel.: +49 251 83-31590
E-Mail: ca@uni-muenster.de
WWW: www.uni-muenster.de/wwuca
Currently, GnuPG cannot import PKCS#12 files protected with passwords
longer than 31 bytes, giving a long series of error messages while
trying to interpret the given password with all implemented character
sets.
Before I file a bug report: Is there any good reason for limiting the
password length for PKCS#12 files to 63/2 = 31 bytes in line 354 of
"sm/minip12.c"?
Neither in the comments nor in the code below I can find any reason for
a limit smaller than 63 bytes, and other software like OpenSSL allows
for even longer passwords.
Should there be no such reason, I'd suggest to modify the limit in line
354 of "sm/minip12.c". I did not test it, but as far as I can see, the
rest of the code can handle up to 63 bytes, so this might be a
reasonable limit forced by the current implementation.
Best regards
--
Rainer Perske
Systemdienste + Leiter der Zertifizierungsstelle (WWUCA)
--
Westf?lische Wilhelms-Universit?t (WWU) M?nster
WWU IT
Rainer Perske, Systemdienste
R?ntgenstra?e 7-13, Raum 006
48149 M?nster
Tel.: +49 251 83-31582
E-Mail: rainer.perske@uni-muenster.de
Website: www.uni-muenster.de/it
Zertifizierungsstelle (WWUCA):
Tel.: +49 251 83-31590
E-Mail: ca@uni-muenster.de
WWW: www.uni-muenster.de/wwuca