FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 04-19-2008, 12:58 PM
Mick
 
Default gpgsm is giving me a headache

Hi All,

I am trying to import an SSL certificate into gpgsm/kleopatra and I cannot
seem to be able to make it work:

1. Trying the CLI gives me:
=========================================
$
gpgsm --import /media/sda/Personal/OpenSSL/Comodo/michael_email_comodo_080419.p12
gpgsm: gpgsm: GPG_TTY has not been set - using maybe bogus default
gpgsm: gpg-protect-tool: 1224 bytes of 3DES encrypted text
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-1'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-15'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-2'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-3'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-4'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-5'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-6'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-7'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-8'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-9'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `KOI8-R'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `IBM437'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `IBM850'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `EUC-JP'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: decryption failed; trying charset `BIG5'
gpgsm: gpg-protect-tool: password too long
gpgsm: gpg-protect-tool: data error at "decrypted-text", offset 2951359603
gpgsm: gpg-protect-tool: error at "bag-sequence", offset 15
gpgsm: gpg-protect-tool: error parsing or decrypting the PKCS-12 file
gpgsm: error running `/usr/libexec/gpg-protect-tool': exit status 2
gpgsm: total number processed: 0
secmem usage: 0/16384 bytes in 0 blocks
=========================================

If I import/export the cert from Firefox, then I can import it in Konqueror.
However, when I try to import it in Kleopatra it fails after I enter my cert
passphrase. I managed to import the cert in Kleopatra without the private
key. As you understand that's no good for me because I cannot sign emails
with it (it doesn't show up on the list of certs).

Any ideas how I could make this work? I can't recall having such problems
with the CACert.org certificates (or if I did I can't recall what's the
fix!).
--
Regards,
Mick
--
gentoo-user@lists.gentoo.org mailing list
 
Old 04-19-2008, 02:09 PM
Mick
 
Default gpgsm is giving me a headache

On Saturday 19 April 2008, Mick wrote:
> Hi All,
>
> I am trying to import an SSL certificate into gpgsm/kleopatra and I cannot
> seem to be able to make it work:
>
> 1. Trying the CLI gives me:
> =========================================
> $
> gpgsm --import
> /media/sda/Personal/OpenSSL/Comodo/michael_email_comodo_080419.p12 gpgsm:
> gpgsm: GPG_TTY has not been set - using maybe bogus default gpgsm:
> gpg-protect-tool: 1224 bytes of 3DES encrypted text
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-1'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-15'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-2'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-3'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-4'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-5'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-6'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-7'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-8'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `ISO-8859-9'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `KOI8-R'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `IBM437'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `IBM850'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `EUC-JP'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: decryption failed; trying charset `BIG5'
> gpgsm: gpg-protect-tool: password too long
> gpgsm: gpg-protect-tool: data error at "decrypted-text", offset 2951359603
> gpgsm: gpg-protect-tool: error at "bag-sequence", offset 15
> gpgsm: gpg-protect-tool: error parsing or decrypting the PKCS-12 file
> gpgsm: error running `/usr/libexec/gpg-protect-tool': exit status 2
> gpgsm: total number processed: 0
> secmem usage: 0/16384 bytes in 0 blocks
> =========================================
>
> If I import/export the cert from Firefox, then I can import it in
> Konqueror. However, when I try to import it in Kleopatra it fails after I
> enter my cert passphrase. I managed to import the cert in Kleopatra
> without the private key. As you understand that's no good for me because I
> cannot sign emails with it (it doesn't show up on the list of certs).
>
> Any ideas how I could make this work? I can't recall having such problems
> with the CACert.org certificates (or if I did I can't recall what's the
> fix!).

There seem to be two problems with gpgsm, probably bugs - or perhaps design
limitations?

1. gpgsm cannot import the complete pkcs12 bundle. This needs to be broken
down and imported separately as the public key (cert) and the private key.
Whether this compromises safety (having an unencrypted private key on your
drive) is a moot point, but makes me think that GnuPG is a much better
solution than SSL certs for emails at least.
2. Long passphrases seem to generate the above error. So, if you come across
the same error try generating your key with a smaller passpphrase, or edit it
with openssl pkcs options.

HTH.
--
Regards,
Mick
 

Thread Tools




All times are GMT. The time now is 03:23 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org