[gnutls-help] new EC cert: Received alert [51]: Decrypt error

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Apr 11 14:18:23 CEST 2014 

On Fri, Apr 11, 2014 at 4:39 AM, Mark Oteiza <mvoteiza at udel.edu> wrote:

>>> $ openssl req -nodes -newkey ec:key -x509 -days 730 -out cert
>> Here you generate another key,
> privkey.pem
>> and a certificate for that key in cert.
> Right, these two files which I combine into foo.pem and feed to s_client.
>> I wouldn't expect any program to work with that combination. GnuTLS
>> should have warned about the key mismatch though.
> I see now that the combinations I used are different for s_client than
> gnutls-cli; totally wrong for the latter.  Thanks for pointing that out.
> I am still unsure of what to do with gnutls-cli.

I see. The format of the private key generated by
openssl ecparam -name secp521r1 -genkey -out key
is different than the format generated by:
openssl req -nodes -newkey ec:key -x509 -days 730 -out cert

The latter is an EC private key encoded using PKCS #8 (BEGIN PRIVATE
KEY header), but does not contain the curve that corresponds to the
key.

openssl asn1parse -inform der -in /tmp/der
    0:d=0  hl=3 l= 211 cons: SEQUENCE
    3:d=1  hl=2 l=   1 prim: INTEGER           :01
    6:d=1  hl=2 l=  66 prim: OCTET STRING      [HEX
DUMP]:01572E926009A1992AD2D04FF4C613625001053B3F5DB44BF43D3CCFE87E5A18104118E162EB7D38B9B1D90BDE72596FF25CF3C6F4FF350CB64545E3DD24F34CDD3F
   74:d=1  hl=3 l= 137 cons: cont [ 1 ]
   77:d=2  hl=3 l= 134 prim: BIT STRING

It does however, place the curve name on the privateKeyAlgorithm
parameters. I guess we would have to parse this format as well.

The former (BEGIN EC PRIVATE KEY header) on the other hand does
contain it (sec521r1).
$ openssl asn1parse -in key
    0:d=0  hl=3 l= 220 cons: SEQUENCE
    3:d=1  hl=2 l=   1 prim: INTEGER           :01
    6:d=1  hl=2 l=  66 prim: OCTET STRING      [HEX
DUMP]:01D10E089A647F43368B4DCA0BBB3AB4BD5036F2146540A18B5AAF60EB22601BB7424968821C51222535A3A2CB7977F15E1F7D92B0852FFF76F6DEC7FA24E6C16DD9
   74:d=1  hl=2 l=   7 cons: cont [ 0 ]
   76:d=2  hl=2 l=   5 prim: OBJECT            :secp521r1
   83:d=1  hl=3 l= 137 cons: cont [ 1 ]
   86:d=2  hl=3 l= 134 prim: BIT STRING

That's the reason gnutls fails to parse the PKCS #8 key. What I can
suggest though, is to either use certtool to generate the private key
and certificate, or try to generate a non-PKCS #8 EC key file with
openssl that corresponds to your certificate.

regards,
Nikos

More information about the Gnutls-help mailing list