[gnutls-devel] GnuTLS | gnutls_certificate_set_x509_key_file - private key (#1123)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Nov 20 17:01:01 CET 2020



Achim Kraus created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1123



I'm currently wondering why gnutls versions 3.5.18 and 3.6.15 refuse to read an ec-private key generated by the Java keytool.

Using a demo key

```
-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBgNuyqKuRW0RxU1DVs
aEpBPtVRVLRZYq6hZRzvZ6igBw==
-----END PRIVATE KEY-----
```

for `gnutls_certificate_set_x509_key_file` I get:

"gnutls_certificate_set_x509_key_file: 'ASN1 parser: Error in DER parsing.'"


Using:

```
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgYDbsqirkVtEcVNQ1
bGhKQT7VUVS0WWKuoWUc72eooAehRANCAAQUaejXTuQWAngC8AFC+IT2FMmUR4Hj
B9LcvnxDknyytbFK6cSCeIht+vSnxKHD4LVcBzMXEmufxKMUJWo4qOuu
-----END PRIVATE KEY-----
```

works.

The difference is the explicit public key as bit-string.
According to [RFC 5915 - 3.  Elliptic Curve Private Key Format](https://tools.ietf.org/html/rfc5915#section-3)

> Though the ASN.1 indicates publicKey is OPTIONAL, implementations that conform to this document SHOULD always include the publicKey field.

that field is optional. Even the `SHOULD` doesn't justify why it seems to be required.

Using `gnutls_certificate_set_x509_simple_pkcs12_file` unfortunately also fails.

Is there a trick for using the private key without the optional public one?
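
The structural difference described in the report can be checked with a short DER walk over the two demo keys. This is an added example, not part of the original post and not GnuTLS code; the function names are hypothetical, and it only reports which OPTIONAL RFC 5915 fields (`[0]` parameters, `[1]` publicKey) are present in the wrapped ECPrivateKey.

```python
import base64

# The two demo keys quoted in the issue (PKCS#8, same private scalar in both).
KEY_WITHOUT_PUB = """-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBgNuyqKuRW0RxU1DVs
aEpBPtVRVLRZYq6hZRzvZ6igBw==
-----END PRIVATE KEY-----"""
KEY_WITH_PUB = """-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgYDbsqirkVtEcVNQ1
bGhKQT7VUVS0WWKuoWUc72eooAehRANCAAQUaejXTuQWAngC8AFC+IT2FMmUR4Hj
B9LcvnxDknyytbFK6cSCeIht+vSnxKHD4LVcBzMXEmufxKMUJWo4qOuu
-----END PRIVATE KEY-----"""

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed element's contents into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def ec_private_key_fields(pem):
    """Report which OPTIONAL RFC 5915 fields a PKCS#8 EC key carries."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    tag, body, _ = read_tlv(base64.b64decode(b64), 0)
    pkcs8 = children(body)  # version, algorithm, privateKey OCTET STRING
    if tag != 0x30 or len(pkcs8) < 3 or pkcs8[2][0] != 0x04:
        raise ValueError("not a PKCS#8 PrivateKeyInfo")
    tag, ec_body, _ = read_tlv(pkcs8[2][1], 0)  # the wrapped ECPrivateKey
    ec = children(ec_body)  # version, privateKey, [0] parameters, [1] publicKey
    if tag != 0x30 or len(ec) < 2:
        raise ValueError("not an ECPrivateKey")
    tags = {t for t, _ in ec}
    return {"scalar_len": len(ec[1][1]), "parameters": 0xA0 in tags, "publicKey": 0xA1 in tags}

if __name__ == "__main__":
    print(ec_private_key_fields(KEY_WITHOUT_PUB), ec_private_key_fields(KEY_WITH_PUB))
```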
