Authenticating with OpenPGP certificates with primary keys marked S2K_GNU_EXT fails

Sean Buckheister s_buckhe at
Mon Jan 30 06:31:07 CET 2012


Today I stumbled across a (from my point of view) major problem with
OpenPGP certificate handling: it doesn't work when a certificate has no
private keying material in its primary key.

Apparently, the ability to read such keys was added to the library in
late 2008 [0], but only the loader was touched. Loading such a key fails
when used for TLS authentication, even when there is at least one
unencrypted, active subkey with Sign/Authenticate capabilities.

I managed to narrow the problem down to the privkey-copy operation that
stores a user-supplied private key into a certificate credentials
structure. To copy that private key, it is first exported from its
internal representation, then reloaded into a new and distinct internal
representation attached to the credentials struct. The exporter, however,
does not correctly export the primary key the loader once found, and
thus the next loader will fail to load the key.

The codepath that leads to this in my case is

gnutls_privkey_import_openpgp (... GNUTLS_PRIVKEY_IMPORT_COPY)

This method does the export/importing. Export works, import doesn't:


This will find an exported CDK_PKT_SECRET_SUBKEY packet, but with wrong S2K.


This finally fails, reading the S2K. Somehow the packet gets shortened
by two bytes during export. This is due to the exporter not knowing
about S2K_GNU_EXT; telling it how long one of those S2Ks is fixes the
problem nicely. A patch that does this (three lines in total, but about
a day's worth of digging through code) is attached.

-- Sean

-------------- next part --------------
A non-text attachment was scrubbed...
Name: s2k.patch
Type: text/x-patch
Size: 432 bytes
Desc: not available
URL: </pipermail/attachments/20120130/2016b1af/attachment.bin>
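The parse/serialise mismatch described above, as an added example that is not the attached patch nor GnuTLS/opencdk code: a parser and serialiser for the protection header of an OpenPGP secret-key packet that both know the GnuPG S2K extension (S2K type 101, "GNU" magic, mode octet). The wire layout of the extension and the sample headers are assumptions based on GnuPG's format, not taken from the message.

```python
S2K_GNU_EXT = 101                      # GnuPG private S2K type ("GNU" extension)
S2K_FIXED_LEN = {0: 2, 1: 10, 3: 11}   # RFC 4880 specifier lengths: type, hash[, salt[, count]]
BLOCK_SIZE = {3: 8, 7: 16, 9: 16}      # IV length per cipher id: CAST5, AES-128, AES-256

def parse_protection(buf):
    """Parse the protection header of a secret-key packet (bytes starting at
    the S2K usage octet).  Returns (info, number of bytes consumed)."""
    usage = buf[0]
    if usage == 0:                                 # unencrypted secret MPIs follow
        return {"usage": 0, "secret_present": True}, 1
    if usage not in (254, 255):
        raise ValueError("legacy usage octet %d not supported here" % usage)
    cipher, s2k_type = buf[1], buf[2]
    info = {"usage": usage, "cipher": cipher, "s2k_type": s2k_type, "hash": buf[3]}
    if s2k_type == S2K_GNU_EXT:                    # assumed layout: 101, hash, "GNU", mode
        if bytes(buf[4:7]) != b"GNU":
            raise ValueError("S2K type 101 without GNU magic")
        info["gnu_mode"] = 1000 + buf[7]           # 1001 = no secret, 1002 = on smartcard
        info["secret_present"] = False
        end = 8
        if info["gnu_mode"] == 1002:               # serial-number length + serial follow
            end = 9 + buf[8]
            info["serial"] = bytes(buf[9:end])
        elif info["gnu_mode"] != 1001:
            raise ValueError("unknown GNU protection mode %d" % info["gnu_mode"])
        return info, end
    if s2k_type not in S2K_FIXED_LEN:
        raise ValueError("unknown S2K type %d" % s2k_type)
    spec_end = 2 + S2K_FIXED_LEN[s2k_type]
    iv_end = spec_end + BLOCK_SIZE[cipher]
    info.update(s2k_spec=bytes(buf[2:spec_end]), iv=bytes(buf[spec_end:iv_end]),
                secret_present=True)
    return info, iv_end

def build_protection(info):
    """Serialise what parse_protection returned.  The GNU branch is what the
    message says the exporter lacked; without it the extension bytes are lost."""
    if info["usage"] == 0:
        return b"\x00"
    head = bytes([info["usage"], info["cipher"]])
    if info["s2k_type"] == S2K_GNU_EXT:
        out = head + bytes([S2K_GNU_EXT, info["hash"]]) + b"GNU"
        out += bytes([info["gnu_mode"] - 1000])
        if info["gnu_mode"] == 1002:
            out += bytes([len(info["serial"])]) + info["serial"]
        return out
    return head + info["s2k_spec"] + info["iv"]

# Constructed sample headers (not taken from a real key):
GNU_DUMMY = bytes([255, 0, S2K_GNU_EXT, 2]) + b"GNU" + bytes([1])          # primary key without secret
AES_ITERSALTED = bytes([254, 7, 3, 2]) + b"\x01" * 8 + b"\x60" + b"\xaa" * 16   # usable, protected subkey
```

A loader that checks `secret_present` can skip such a primary key and fall back to a subkey with the needed capabilities instead of failing outright.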
