From timo.gerke at alice-dsl.net  Fri Aug  1 19:52:31 2025
From: timo.gerke at alice-dsl.net (Timo Gerke)
Date: Fri, 1 Aug 2025 19:52:31 +0200
Subject: [gnutls-help] ECIES support in gnutls
Message-ID: <70f9bdd8-dd90-4c16-8dd2-807d34b3b772@alice-dsl.net>

Hi all,

is the Elliptic Curve Integrated Encryption Scheme supported by gnutls?

If so, which certtool command (sequence) is correct to generate an
ECIES based CSR?

If not I hereby request ECIES support as feature.

Other open cryptolibs like wolfssl [1] for example already support ecies

Thanks and Regards,

Timo Gerke

[1] see https://www.wolfssl.com/ecies-sec-1-isoiec-18033

-- 
Timo Gerke
Lohkoppelweg 40
22529 Hamburg
Germany
Fon: +49-40-24433033
Fax: +49-40-22628453

If you think technology can solve your security problems, then you don't
understand the problems and you don't understand the technology.
Bruce Schneier, American cryptographer

From simon at josefsson.org  Fri Aug  1 22:11:10 2025
From: simon at josefsson.org (Simon Josefsson)
Date: Fri, 01 Aug 2025 22:11:10 +0200
Subject: [gnutls-help] ECIES support in gnutls
In-Reply-To: <70f9bdd8-dd90-4c16-8dd2-807d34b3b772@alice-dsl.net> (Timo Gerke's message of "Fri, 1 Aug 2025 19:52:31 +0200")
References: <70f9bdd8-dd90-4c16-8dd2-807d34b3b772@alice-dsl.net>
Message-ID: <87o6syvm3l.fsf@josefsson.org>

Timo Gerke writes:

> Hi all,
>
> is the Elliptic Curve Integrated Encryption Scheme supported by gnutls?

Not to my knowledge.

> If so, which certtool command (sequence) is correct to generate an
> ECIES based CSR?
>
> If not I hereby request ECIES support as feature.

Do you have an openly available protocol specification as a reference?
There seem to be several variants around, and it isn't clear to me
which one (if any) will win.

/Simon

> Other open cryptolibs like wolfssl [1] for example already support ecies
>
> Thanks and Regards,
>
> Timo Gerke
>
> [1] see https://www.wolfssl.com/ecies-sec-1-isoiec-18033

From gnutls-help at aliases.systohc.net  Sat Aug  9 17:50:05 2025
From: gnutls-help at aliases.systohc.net (Fabiano Sidler)
Date: Sat, 9 Aug 2025 17:50:05 +0200
Subject: [gnutls-help] Building GnuTLS with p11-kit
Message-ID:

Hi folks!

I'm trying to build GnuTLS with p11-kit support. While building p11-kit
itself with the following commands

    PREFIX=/tmp
    P11KIT_VERSION=0.25.5
    GNUTLS_VERSION=3.7.11
    wget https://github.com/p11-glue/p11-kit/releases/download/${P11KIT_VERSION}/p11-kit-${P11KIT_VERSION}.tar.xz
    tar xf p11-kit-${P11KIT_VERSION}.tar.xz
    cd p11-kit-${P11KIT_VERSION}
    ./configure --prefix=${PREFIX}/gnutls --disable-trust-module --enable-debug=yes --without-bash-completion
    make -j$(nproc)
    make install
    cd ..

worked perfectly, building GnuTLS with

    wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-${GNUTLS_VERSION}.tar.xz
    tar xf gnutls-${GNUTLS_VERSION}.tar.xz
    cd gnutls-${GNUTLS_VERSION}
    ./configure --prefix=${PREFIX}/gnutls --with-included-unistring

terribly fails at finding p11-kit with

    [...]
    checking for p11-kit-1 >= 0.23.1... no
    configure: error:
    ***
    *** p11-kit >= 0.23.1 was not found. To disable PKCS #11 support
    *** use --without-p11-kit, otherwise you may get p11-kit from
    *** https://p11-glue.freedesktop.org/p11-kit.html
    ***

When I use this configure line

    P11_KIT_CFLAGS=-I${PREFIX}/gnutls/include/p11-kit-1 P11_KIT_LIBS=-L${PREFIX}/gnutls/lib:${PREFIX}/gnutls/lib/pkcs11 ./configure --prefix=${PREFIX}/gnutls --with-included-unistring

./configure passes without error but the subsequent make fails with

    make[3]: *** [Makefile:2623: srptool] Error 1
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to `p11_kit_uri_get_pin_source'
    [...]
    /usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to `p11_kit_uri_get_token_info'
    collect2: error: ld returned 1 exit status
    make[3]: *** [Makefile:2611: ocsptool] Error 1
    make[3]: Leaving directory '/home/user/Downloads/gnutls-3.7.11/src'
    make[2]: *** [Makefile:2446: all] Error 2
    make[2]: Leaving directory '/home/user/Downloads/gnutls-3.7.11/src'
    make[1]: *** [Makefile:2264: all-recursive] Error 1
    make[1]: Leaving directory '/home/user/Downloads/gnutls-3.7.11'
    make: *** [Makefile:2189: all] Error 2

How can I successfully build GnuTLS with p11-kit? I'm on Ubuntu 24.04 if
that matters...

Greetings,
Fabiano

From ametzler at bebt.de  Sun Aug 10 11:06:38 2025
From: ametzler at bebt.de (Andreas Metzler)
Date: Sun, 10 Aug 2025 11:06:38 +0200
Subject: [gnutls-help] Building GnuTLS with p11-kit
In-Reply-To:
References:
Message-ID:

On 2025-08-09 Fabiano Sidler wrote:
> Hi folks!

> I'm trying to build GnuTLS with p11-kit support. While building p11-kit
> itself with the following commands

>     PREFIX=/tmp
>     P11KIT_VERSION=0.25.5
>     GNUTLS_VERSION=3.7.11
>     wget https://github.com/p11-glue/p11-kit/releases/download/${P11KIT_VERSION}/p11-kit-${P11KIT_VERSION}.tar.xz
>     tar xf p11-kit-${P11KIT_VERSION}.tar.xz
>     cd p11-kit-${P11KIT_VERSION}
>     ./configure --prefix=${PREFIX}/gnutls --disable-trust-module
> --enable-debug=yes --without-bash-completion
>     make -j$(nproc)
>     make install
>     cd ..

> worked perfectly, building GnuTLS with
[...]

Hello,

You have installed p11-kit into a set of directories which
* are not scanned by pkgconf by default (/usr/gnutls/lib/pkgconfig/),
* whose header subdir is not in the preprocessor's default search path
  (/usr/gnutls/include) and
* whose lib subdir is neither in the compiler/linker's search-path
* nor in the runtime dynamic linker's search-path (/usr/gnutls/lib/)

One can do strange stuff like this but it is completely unrelated to
gnutls how to deal with this. (e.g. static linking, rpath, modifying the
pc file, symlink farm, ...)

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
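
Added example, not part of the messages above and not code from GnuTLS or p11-kit: a shell helper that derives the environment covering the gaps listed in the reply (pkg-config lookup, link flags, run-time search path) for a p11-kit installed under a private prefix. The function names are hypothetical, and the /tmp/gnutls prefix in the usage comment is the one from the question; PKG_CONFIG_PATH and -Wl,-rpath are the standard pkg-config and GNU ld mechanisms.

```shell
#!/bin/sh
# Added example: build environment for a p11-kit that was installed under a
# private prefix instead of a directory the toolchain searches by default.

# Print the directory under PREFIX ($1) that holds p11-kit-1.pc, or return 1.
find_p11kit_pc_dir() {
    for d in "$1/lib/pkgconfig" "$1/lib64/pkgconfig"; do
        if [ -f "$d/p11-kit-1.pc" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# True if "other" users may write to DIR (9th character of the ls mode string).
other_writable() {
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# Emit export lines: PKG_CONFIG_PATH lets configure read the -I, -L and -l
# flags from p11-kit-1.pc; the rpath lets the built binaries find the library.
p11kit_build_env() {
    pcdir=$(find_p11kit_pc_dir "$1") || {
        echo "p11-kit-1.pc not found under $1" >&2
        return 1
    }
    libdir=${pcdir%/pkgconfig}
    # An rpath below a world-writable directory (e.g. /tmp) can be populated
    # by any local user on a host where that path does not exist yet: warn.
    dir=$libdir
    while [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        if other_writable "$dir"; then
            echo "warning: rpath ancestor $dir is world-writable" >&2
        fi
        dir=$(dirname "$dir")
    done
    echo "export PKG_CONFIG_PATH=\"$pcdir\${PKG_CONFIG_PATH:+:\$PKG_CONFIG_PATH}\""
    echo "export LDFLAGS=\"-Wl,-rpath,$libdir \${LDFLAGS:-}\""
}

# Usage, before running GnuTLS's ./configure (prefix from the question):
#   eval "$(p11kit_build_env /tmp/gnutls)"
#   ./configure --prefix=/tmp/gnutls --with-included-unistring
```

With PKG_CONFIG_PATH set this way, the hand-written P11_KIT_CFLAGS and P11_KIT_LIBS overrides are not needed; the P11_KIT_LIBS value in the question carries only -L paths and no -lp11-kit, which is consistent with the undefined p11_kit_uri_* references at link time.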