Mailing List Archive

Does gpgsm support ECDSA-with-sha256 signature?
Good morning,

According to dev.gnupg.org <https://dev.gnupg.org/T4092>, EC support has been in gpgsm for a while now. However, I cannot import an EC certificate/key pair (generated by CPanel via COMODO) into gpgsm. This is a bummer because Kleopatra is basically a gpgsm frontend.

The output I get is:

gpgsm: 1240 bytes of RC2 encrypted text
gpgsm: processing certBag
gpgsm: unknown digest algorithm '1.2.840.10045.4.3.2' used certificate
gpgsm: certificate has a BAD signature: General error
gpgsm: basic certificate checks failed - not imported
gpgsm: 192 bytes of 3DES encrypted text
gpgsm: data error at "decrypted-text", offset 1071903942
gpgsm: error at "bag-sequence", offset 1364
gpgsm: error parsing or decrypting the PKCS#12 file
gpgsm: total number processed: 1
gpgsm:           not imported: 1

... when I import the CA bundle into gpgsm first. However, if I import the certificate/key pair first, the import works with warnings:

gpgsm: 1240 bytes of RC2 encrypted text
gpgsm: processing certBag
gpgsm: dirmngr cache-only key lookup failed: Not found
gpgsm: external URL lookup failed: Connection refused
gpgsm: issuer certificate {FE198899934848D2C2A56715955F3501318E738B} not found using authorityKeyIdentifier
gpgsm: dirmngr cache-only key lookup failed: Not found
gpgsm: external URL lookup failed: Connection refused
gpgsm: issuer certificate (#/CN=cPanel\, Inc. ECC Certification Authority,O=cPanel\, Inc.,L=Houston,ST=TX,C=US) not found
gpgsm: dirmngr cache-only key lookup failed: Not found
gpgsm: external URL lookup failed: Connection refused
gpgsm: issuer certificate {FE198899934848D2C2A56715955F3501318E738B} not found using authorityKeyIdentifier
gpgsm: dirmngr cache-only key lookup failed: Not found
gpgsm: external URL lookup failed: Connection refused
gpgsm: 192 bytes of 3DES encrypted text
gpgsm: data error at "decrypted-text", offset 3705267398
gpgsm: error at "bag-sequence", offset 1364
gpgsm: error parsing or decrypting the PKCS#12 file
gpgsm: total number processed: 1
gpgsm:               imported: 1

However, when I subsequently import the CA bundle, gpgsm does not mark my certificate as certified, implying that there's some breakage in the trust chain.

If anybody wants to play with this, I've uploaded the CA bundle to https://paste.debian.net/1229750/ and my certificate to https://paste.debian.net/1229751/. Both links will expire on 9 February 2022.

With thanks,

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
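Added example (not GnuPG code and not from either message): a small Python decoder for the DER AlgorithmIdentifier of a certificate's signatureAlgorithm field, showing how the raw bytes map to the dotted OID gpgsm printed ('1.2.840.10045.4.3.2') and to its name, so one can check a certificate's signing algorithm before attempting the import. The two AlgorithmIdentifier byte strings are constructed samples, and the OID table is a hand-picked subset.

```python
# Hypothetical helper for this thread: decode a DER AlgorithmIdentifier and
# name the signature algorithm. Not part of GnuPG or gpgsm.

# Signature-algorithm OIDs from RFC 5758 (ECDSA) and RFC 4055 (RSA); subset only.
SIGNATURE_OIDS = {
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def _read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for one DER TLV (short or long length)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode OID content octets: byte 0 packs arcs 1 and 2, the rest are base-128 groups."""
    first = value[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends the current arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)

def signature_algorithm(alg_id_der):
    """Parse AlgorithmIdentifier ::= SEQUENCE { OBJECT IDENTIFIER, parameters OPTIONAL }."""
    tag, seq, _ = _read_tlv(alg_id_der)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid_bytes, _ = _read_tlv(seq)
    if tag != 0x06:
        raise ValueError("first element must be an OBJECT IDENTIFIER")
    oid = decode_oid(oid_bytes)
    return oid, SIGNATURE_OIDS.get(oid, "unknown")

# Constructed sample: ecdsa-with-SHA256 with no parameters, the OID gpgsm 2.2 rejected.
ECDSA_SHA256_ALG_ID = bytes.fromhex("300a06082a8648ce3d040302")
# Constructed sample: sha256WithRSAEncryption with its NULL parameters.
RSA_SHA256_ALG_ID = bytes.fromhex("300d06092a864886f70d01010b0500")

if __name__ == "__main__":
    for der in (ECDSA_SHA256_ALG_ID, RSA_SHA256_ALG_ID):
        print(signature_algorithm(der))
```

To check a real certificate, feed it the signatureAlgorithm TLV taken from the outer Certificate SEQUENCE (the element following tbsCertificate).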
Re: Does gpgsm support ECDSA-with-sha256 signature?
On Sunday, 6 February 2022 08:07:21 CET Borden via Gnupg-users wrote:
> According to dev.gnupg.org <https://dev.gnupg.org/T4092>, EC support has
> been in gpgsm for a while now. However, I cannot import an EC
> certificate/key pair (generated by CPanel via COMODO) into gpgsm. This is
> a bummer because Kleopatra is basically a gpgsm frontend.
[snip]
> However, when I subsequently import the CA bundle, gpgsm does not mark my
> certificate as certified, implying that there's some breakage in the trust
> chain.
[snip]
> If anybody wants to play with this, I've uploaded the CA bundle to
> https://paste.debian.net/1229750/ and my certificate to
> https://paste.debian.net/1229751/ . Both links will expire on 9 February
> 2022.

gpgsm 2.3.4 imports those two files without any warnings.

After marking the "COMODO ECC Certification Authority" root certificate as
trusted with Kleopatra, the "cse.emmarhodes.ca" is listed as certified (after
pressing F5 to reload the certificates -> seems to be an update problem).

The necessary changes may not have been backported to GnuPG 2.2.x.

Regards,
Ingo