[Help-gnutls] Re: TLS/OpenPGP draft expiring soon

Simon Josefsson simon at josefsson.org
Fri Feb 2 14:50:17 CET 2007 

ludovic.courtes at laas.fr (Ludovic Courtès) writes:

> Hi,
>
> Simon Josefsson <simon at josefsson.org> writes:
>
>> Also, creating examples and a self test for the OpenPGP stuff would be
>> useful.  Have you managed to get it to work at all?
>
> It took me a while, but I finally found why `gnutls-serv' wouldn't do
> the job as expected (I knew it should work because I have small
> client/server of my own that do work).
>
> First, the patch below must be applied to `serv.c'.  Then, actual DH
> and/or RSA parameters must be provided or generated for the server.  So
> we end up with a command-line like this for the server:
>
>   $ ./gnutls-serv --dhparams tls-dh-params \
>                   --ctypes openpgp --pgpcertfile pub.asc \
>                   --pgpkeyfile sec.asc
>
> And for the client:
>
>   $ gnutls-cli --ctypes openpgp --pgpcertfile pub.asc \
>                --pgpkeyfile sec.asc -p 5556 localhost
>
> And it works like a charm, even with `--require-cert' passed to the
> server.
>
> Can you confirm?

Hi!  Actually, the tools works fine without your patch, IF I use a
newly generated key.

Server:

jas at mocca:~$ gnutls-serv --dhparams ~/dh.pem --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt
Read Diffie Hellman parameters.
Echo Server ready. Listening to port '5556'.


* connection from ::ffff:127.0.0.1, port 48423
- Given server name[1]: localhost
- Certificate type: OpenPGP
 # Key was created at: Fri Feb  2 14:32:23 CET 2007
 # Key expires: Never
 # PGP Key version: 4
 # PGP Key public key algorithm: DSA (1024 bits)
 # PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
 #   NAME: Foo Bar <test at test.org>

- Peer's key is valid
- Could not find a signer of the peer's key
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE

Client:

jas at mocca:~$ gnutls-cli  --pgpcertfile ~/.gnupg-foo/pub.txt --pgpkeyfile ~/.gnupg-foo/sec.txt -p 5556 localhost
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- Certificate type: OpenPGP
 # The hostname in the key does NOT match 'localhost'.
 # Key was created at: Fri Feb  2 14:32:23 CET 2007
 # Key expires: Never
 # PGP Key version: 4
 # PGP Key public key algorithm: DSA (1024 bits)
 # PGP Key fingerprint: BF:D6:44:C3:26:74:9E:3A:99:1E:D0:B5:C0:85:0D:AD:40:CD:57:C9
 #   NAME: Foo Bar <test at test.org>

- Peer's key is valid
- Could not find a signer of the peer's key
- Version: TLS 1.1
- Key Exchange: DHE DSS
- Cipher: AES 128 CBC
- MAC: SHA
- Compression: DEFLATE
- Handshake was completed

- Simple Client Mode:

This is quit nice, but there are some things we could do to make
things easier.  I'm thinking that gnutls-serv should use a static
hard-coded D-H parameter if the user didn't supply one on the command
line.

Here is what I get if I test with my own key:

jas at mocca:~/src/gnutls/src$ gpg -a --export-secret-keys b565716f > ~/privkey.gpgjas at mocca:~/src/gnutls/src$ gpg -a --export b565716f > ~/pubkey.gpg 

Server:

jas at mocca:~/src/gnutls/src$ ./gnutls-serv --dhparams dh.pem --pgpcertfile ~/pubkey.gpg --pgpkeyfile ~/privkey.gpg
Read Diffie Hellman parameters.
Echo Server ready. Listening to port '5556'.

Error in handshake
Error: A TLS packet with unexpected length was received.

Client:

jas at mocca:~/src/gnutls/src$ ./gnutls-cli  --pgpcertfile ~/pubkey.gpg --pgpkeyfile ~/privkey.gpg -p 5556 localhost
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
*** Fatal error: Decryption has failed.
*** Handshake has failed
GNUTLS ERROR: Decryption has failed.
jas at mocca:~/src/gnutls/src$

Debugging indicates problems decrypting the challenge, in the client:

|<2>| ASSERT: gnutls_pk.c:283
|<2>| ASSERT: gnutls_pk.c:359
|<2>| ASSERT: gnutls_sig.c:299
|<2>| ASSERT: gnutls_sig.c:468
|<2>| ASSERT: auth_dhe.c:233
|<2>| ASSERT: gnutls_kx.c:346
|<2>| ASSERT: gnutls_handshake.c:2235

I suspect OpenCDK uses the wrong RSA key to encrypt and/or decrypt the
data.  I have several old and expired keys in my private key.  IIRC,
even GnuPG had a similar problem with my key some time ago.

/Simon

More information about the Gnutls-help mailing list