Cannot import private key into gpgsm
Hallöchen!

For signing emails, I requested an S/MIME certificate using the
German academic DFN service. At the end of this process, I get a
.p12 file (PKCS12). I can convert this file to PEM using

openssl pkcs12 -in TorstenBronger.p12 -nodes -out /tmp/temp.pem

In the PEM file, I can see four certificates (my own and the chain)
and the private key. But importing the .p12 file into gpgsm fails:

$ gpgsm --import TorstenBronger.p12
gpgsm: data error at "data.objectidentifier", offset 67
gpgsm: error at "bag-sequence", offset 49
gpgsm: error parsing or decrypting the PKCS#12 file
gpgsm: total number processed: 0

It does not matter whether or not I removed the password from the
key using the roundtripping described in
https://serverfault.com/a/633820/47303. Moreover, neither
git.scc.kit.edu/-/snippets/572 nor importing into and re-exporting
from Firefox change anything. The error message is the same
afterwards.

Writing only the certificates to a PEM, I seem to be able to import
them into gpgsm’s database (along with the public key?). But the
private key is missing.

One source said that gpg and gpgsm share the same database at least
for private keys. But I get an import error trying to import the
PEM file with only the key into gpg.

How can I successfully import the certificates and the key into
gpgsm?

Regards,
Torsten.


P.S.: This is basically a copy of
https://superuser.com/questions/1725832/gpgsm-cannot-import-private-key.
If I get an answer here which is not put by the answerer themselves
to superuser.com, I will update superuser.com.
--
Torsten Bronger

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Cannot import private key into gpgsm
> One source said that gpg and gpgsm share the same database at least
> for private keys. But I get an import error trying to import the
> PEM file with only the key into gpg.
>
> How can I successfully import the certificates and the key into
> gpgsm?

FWIW, I've never been able to import the S/MIME cert from $WORK into
gnupg/gpgsm straight. I've had to go via thunderbird import -> export > gpgsm
import to become functional. Not sure why, maybe CRLF was an issue, but
I never investigated as I have a working process.


Re: Cannot import private key into gpgsm
Hi!

please let us know your GnuPG versions and your OS.


Shalom-Salam,

Werner


--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
Re: Cannot import private key into gpgsm
    Slackware64 15

slack15@darkstar:~/.config$ gpg --version
gpg (GnuPG) 1.4.23
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Algoritmos suportados:
Chave pública: RSA, RSA-E, RSA-S, ELG-E, DSA
Cifra: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
       CAMELLIA128, CAMELLIA192, CAMELLIA256
Dispersão: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compressão: Uncompressed, ZIP, ZLIB, BZIP2
slack15@darkstar:~/.config$



Werner Koch via Gnupg-users wrote:
> Hi!
>
> please let us know your GnuPG versions and your OS.
>
>
> Shalom-Salam,
>
> Werner
Re: Cannot import private key into gpgsm
Gilberto F da Silva via Gnupg-users wrote:
> Slackware64 15
>
> slack15@darkstar:~/.config$ gpg --version
> gpg (GnuPG) 1.4.23
> [...]


I may be misunderstanding, but I do not think that GPG 1.4.x ever even
supported X.509 at all. Maybe you also have a gpg2 command? Maybe
there is another gpg somewhere else on the machine?


-- Jacob

Re: Cannot import private key into gpgsm
Jacob Bachmeyer wrote:
> Gilberto F da Silva via Gnupg-users wrote:
>>     Slackware64 15
>>
>> slack15@darkstar:~/.config$ gpg --version
>> gpg (GnuPG) 1.4.23
>> [...]
>
>
> I may be misunderstanding, but I do not think that GPG 1.4.x ever even
> supported X.509 at all.  Maybe you also have a gpg2 command?  Maybe
> there is another gpg somewhere else on the machine?
>
>
> -- Jacob

I have 3 Linux distributions installed on the computer. In openSUSE
Tumbleweed the result is different when using gpg --version.

openSUSE Tumbleweed

tumbleweed@localhost:~> gpg --version
gpg (GnuPG) 2.3.4
libgcrypt 1.9.4-unknown
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/tumbleweed/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
tumbleweed@localhost:~>




Re: Cannot import private key into gpgsm
Hallöchen!

ckeader via Gnupg-users writes:

> [...]
>
>> How can I successfully import the certificates and the key into
>> gpgsm?
>
> FWIW, I've never been able to import the S/MIME cert from $WORK
> into gnupg/gpgsm straight. I've had to go via thunderbird import
> -> export > gpgsm import to become functional. Not sure why, maybe
> CRLF was an issue, but I never investigated as I have a working
> process.

Thunderbird can export secret keys, too? Mine (91.9.1) exports only
certificates, in PEM or PKCS7 format.

Regards,
Torsten.

--
Torsten Bronger

Re: Cannot import private key into gpgsm
Hallöchen!

Werner Koch writes:

> please let us know your GnuPG versions and your OS.

gpgsm (GnuPG) 2.2.27
libgcrypt 1.9.4
libksba 1.6.0-unknown

Supported algorithms:
Cipher: 3DES, AES128, AES192, AES256, SERPENT128, SERPENT192, SERPENT256, SEED, CAMELLIA128, CAMELLIA192, CAMELLIA256
Pubkey: RSA, ECC
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, WHIRLPOOL

On Ubuntu 22.04.

Regards,
Torsten.

--
Torsten Bronger

Re: Cannot import private key into gpgsm
On Tue, 14 Jun 2022 08:38, Torsten Bronger said:
> Hallöchen!
>
> Werner Koch writes:
>
>> please let us know your GnuPG versions and your OS.
>
> gpgsm (GnuPG) 2.2.27

Please update to 2.2.35 which

* gpgsm: Fix parsing of certain PKCS#12 files. [T5793]

See https://dev.gnupg.org/T5793 . It is likely that your parsing problem
is also solved with this update.


Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
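
Added example, not part of the thread or of GnuPG: a shell check that classifies a `gpgsm --version` banner against the 2.2.35 release named above as carrying the T5793 PKCS#12 parsing fix. The function names are hypothetical, and only the 2.2 series is judged because the thread names no fixed release for any other series.

```shell
#!/bin/sh
# Added example: is this gpgsm new enough to carry the PKCS#12 parsing
# fix (T5793) that the thread attributes to GnuPG 2.2.35?
# All function names here are hypothetical helpers, not GnuPG tooling.

# Extract "X.Y.Z" from a banner line such as "gpgsm (GnuPG) 2.2.27".
# Prints nothing when the line is not a gpgsm banner (for example the
# "gpg (GnuPG) 1.4.23" banner that also appears in the thread).
gnupg_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^gpgsm (GnuPG) \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Classify a banner line. Prints one of:
#   fixed    - 2.2.x with x >= 35 (release named in the thread)
#   affected - 2.2.x with x <  35
#   unknown  - not a gpgsm banner, or a series the thread says nothing about
p12_fix_status() {
    ver=$(gnupg_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    # Split X.Y.Z into the positional parameters $1 $2 $3.
    old_ifs=$IFS
    IFS=.
    set -- $ver
    IFS=$old_ifs
    if [ "$1" -eq 2 ] && [ "$2" -eq 2 ]; then
        if [ "$3" -ge 35 ]; then echo fixed; else echo affected; fi
    else
        echo unknown
    fi
}

# Real use: classify whatever gpgsm is first on PATH. Prints "unknown"
# when gpgsm is not installed.
check_installed_gpgsm() {
    p12_fix_status "$(gpgsm --version 2>/dev/null | head -n 1)"
}
```

Run `check_installed_gpgsm` before `gpgsm --import file.p12`; on "affected", upgrading avoids the detour through an unencrypted PEM export of the private key.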
Re: Cannot import private key into gpgsm
Hallöchen!

Torsten Bronger writes:

> For signing emails, I requested an S/MIME certificate using the
> German academic DFN service. At the end of this process, I get a
> .p12 file (PKCS12). I can convert this file to PEM using
>
> openssl pkcs12 -in TorstenBronger.p12 -nodes -out /tmp/temp.pem
>
> In the PEM file, I can see four certificates (my own and the
> chain) and the private key. But importing the .p12 file into
> gpgsm fails:

With GnuPG 2.2.36, this problem is indeed gone. Thank you!

Regards,
Torsten Bronger.

--
Torsten Bronger