After patching openpgp_auth.c to work with the new example keys, it
exhibits the same "Signing using master PGP key" message.

On Sun, Dec 13, 2015 at 12:26 PM, Mike Mestnik
<[email protected]> wrote:
> On Sun, Dec 13, 2015 at 10:41 AM, Nikos Mavrogiannopoulos
> <[email protected]> wrote:
>> On Sat, 2015-12-12 at 17:29 -0600, Mike Mestnik wrote:
>>> Still chipping away at this and I've found a way to get more
>>> information.
>>>
>>> Here is the Client Hello I'm sending:
>>> Data::Hexdumper: data length isn't an integer multiple of lines
>>> so has been padded with NULLs at the end.
>>
>> I'd suggest to try to make the minimal program needed to replicate that
>> behavior you see. I referred you to the test programs because they are
>> small programs that utilize openpgp authentication. You can also start
>> from the examples in the documentation.
>>
> I'll work on this.
>
> One issue with the test is that it uses socketpair and fork to connect
> the client and server, so it'll require some doing to be able to test
> this against another server or client.
>
>>> [ 4718| 9] Signing using master PGP key
>>> [ 4718| 3] ASSERT: privkey.c:1230
>>
>> That's already a hint. Have you tried specifying the exact subkey to
>> use for signing?
>>
> I'm copying the command line example, keys and all.  This includes
> using gnutls_certificate_set_openpgp_key_file and thus the master PGP
> key.
>
> The reason to copy this example is that it was simple to connect its
> client portion to the server I'm working on.
>
>> regards,
>> Nikos
>>
>>
diff --git a/example/openpgp-auth.c b/example/openpgp-auth.c
index 1ce29bd..e2a8a22 100644
--- a/example/openpgp-auth.c
+++ b/example/openpgp-auth.c
@@ -81,12 +81,11 @@ void check_loaded_key(gnutls_certificate_credentials_t cred)
        if (err != 0)
                fail("get openpgp key %s\n",
                     gnutls_strerror(err));
-
 #if GNUTLS_VERSION_NUMBER >= 0x030400
        gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid);
-       if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || 
keyid[3] != 0x23 ||
-           keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || 
keyid[7] != 0xba)
-               fail("incorrect key id (privkey)\n");
+       if (keyid[0] != 0x83 || keyid[1] != 0x7b || keyid[2] != 0x6f || 
keyid[3] != 0xb4 ||
+           keyid[4] != 0x2e || keyid[5] != 0x0f || keyid[6] != 0xe1 || 
keyid[7] != 0x76)
+               fail("\n\nincorrect key id (privkey)\n");
 
        err = gnutls_certificate_get_openpgp_crt(cred, 0, &crts, &n_crts);
        if (err != 0)
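Review bot: The result of `gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid)` is discarded, so a failed lookup is reported as "incorrect key id (privkey)" instead of the real error, and `keyid` (declared outside this hunk) may be compared without having been filled in. I would capture it, `err = gnutls_openpgp_privkey_get_subkey_id(key, 0, keyid);` followed by `if (err < 0) fail("get subkey id %s\n", gnutls_strerror(err));`, and do the same for `gnutls_openpgp_crt_get_subkey_id(crts[0], 0, keyid)` in the next hunk. The added `"\n\n"` prefix on the privkey message looks like a local debugging aid and makes it inconsistent with the pubkey message. check_loaded_key() starts and ends outside the hunk.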
@@ -98,8 +97,8 @@ void check_loaded_key(gnutls_certificate_credentials_t cred)
                fail("openpgp n_crts != 1\n");
 
        gnutls_openpgp_crt_get_subkey_id(crts[0], 0, keyid);
-       if (keyid[0] != 0xf3 || keyid[1] != 0x0f || keyid[2] != 0xd4 || 
keyid[3] != 0x23 ||
-           keyid[4] != 0xc1 || keyid[5] != 0x43 || keyid[6] != 0xe7 || 
keyid[7] != 0xba)
+       if (keyid[0] != 0x83 || keyid[1] != 0x7b || keyid[2] != 0x6f || 
keyid[3] != 0xb4 ||
+           keyid[4] != 0x2e || keyid[5] != 0x0f || keyid[6] != 0xe1 || 
keyid[7] != 0x76)
                fail("incorrect key id (pubkey)\n");
 
        for (i = 0; i < n_crts; ++i)
@@ -126,10 +125,10 @@ void doit(void)
                else if (i == 2)
                        key_id = "auto";        /* test auto */
                else if (i >= 3)
-                       key_id = "f30fd423c143e7ba";
+                       key_id = "837b6fb42e0fe176";
 
                if (debug) {
-                       gnutls_global_set_log_level(5);
+                       gnutls_global_set_log_level(9999);
                        gnutls_global_set_log_function(log_message);
                }
 
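Review bot: `gnutls_global_set_log_level(9999)` in the `if (debug)` branch looks like a leftover from local troubleshooting rather than part of the key update, and I would keep the original `gnutls_global_set_log_level(5);` in the example. At very high levels the library output becomes much more verbose and, as far as I know, can include dumps of handshake data, so such logs should be read through before they are posted to a public list or bug tracker. doit() starts and ends outside the hunk.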
@@ -172,11 +171,11 @@ void doit(void)
 
                        if (i == 0)     /* we use the primary key which is RSA. 
Test the RSA ciphersuite */
                                gnutls_priority_set_direct(session,
-                                                          
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+RSA:+CTYPE-OPENPGP",
+                                                          
"NORMAL:+CTYPE-OPENPGP",
                                                           NULL);
                        else
                                gnutls_priority_set_direct(session,
-                                                          
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+                                                          
"NORMAL:+CTYPE-OPENPGP",
                                                           NULL);
                        gnutls_transport_set_int(session, sockets[0]);
 
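Review bot: After this change both branches of `if (i == 0)` pass the same string, `"NORMAL:+CTYPE-OPENPGP"`, so the comment "Test the RSA ciphersuite" no longer matches the code and the test stops forcing the RSA key exchange for the primary key. If the distinction is still wanted, the first branch could use something like `"NORMAL:-KX-ALL:+RSA:+CTYPE-OPENPGP"`; otherwise the `if`/`else` should be collapsed into one call and the comment removed. The server side in the following hunk takes the same `NORMAL` string, so the negotiated key exchange is now left to the library defaults rather than chosen by the test. doit() starts and ends outside the hunk.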
@@ -257,7 +256,7 @@ void doit(void)
                                fail("server session %d\n", err);
 
                        gnutls_priority_set_direct(session,
-                                                  
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+RSA:+CTYPE-OPENPGP",
+                                                  "NORMAL:+CTYPE-OPENPGP",
                                                   NULL);
                        gnutls_transport_set_int(session, sockets[1]);
 
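Review bot: The return value of `gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP", NULL)` is ignored here and in the two client calls of the previous hunk, so a priority string the library rejects (for instance if OpenPGP certificate support is unavailable in the build, which I cannot tell from this hunk) would only show up later as an obscure handshake failure. I would write `err = gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP", NULL);` followed by `if (err < 0) fail("server priority %s\n", gnutls_strerror(err));`. doit() starts and ends outside the hunk.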