Good morning,

According to dev.gnupg.org <https://dev.gnupg.org/T4092>, EC support has been 
in gpgsm for a while now. However, I cannot import an EC certificate/key pair 
(generated by CPanel via COMODO) into gpgsm. This is a bummer because 
Kleopatra is basically a gpgsm frontend.

The output I get is:

gpgsm: 1240 bytes of RC2 encrypted text 
gpgsm: processing certBag 
gpgsm: unknown digest algorithm '1.2.840.10045.4.3.2' used certificate 
gpgsm: certificate has a BAD signature: General error 
gpgsm: basic certificate checks failed - not imported 
gpgsm: 192 bytes of 3DES encrypted text 
gpgsm: data error at "decrypted-text", offset 1071903942 
gpgsm: error at "bag-sequence", offset 1364 
gpgsm: error parsing or decrypting the PKCS#12 file 
gpgsm: total number processed: 1 
gpgsm:           not imported: 1
 
... when I import the CA bundle into gpgsm first. However, if I import the 
certificate/key pair first, the import works with warnings:

gpgsm: 1240 bytes of RC2 encrypted text 
gpgsm: processing certBag 
gpgsm: dirmngr cache-only key lookup failed: Not found 
gpgsm: external URL lookup failed: Connection refused 
gpgsm: issuer certificate {FE198899934848D2C2A56715955F3501318E738B} not found 
using authorityKeyIdentifier 
gpgsm: dirmngr cache-only key lookup failed: Not found 
gpgsm: external URL lookup failed: Connection refused 
gpgsm: issuer certificate (#/CN=cPanel\, Inc. ECC Certification 
Authority,O=cPanel\, Inc.,L=Houston,ST=TX,C=US) not found 
gpgsm: dirmngr cache-only key lookup failed: Not found 
gpgsm: external URL lookup failed: Connection refused 
gpgsm: issuer certificate {FE198899934848D2C2A56715955F3501318E738B} not found 
using authorityKeyIdentifier 
gpgsm: dirmngr cache-only key lookup failed: Not found 
gpgsm: external URL lookup failed: Connection refused 
gpgsm: 192 bytes of 3DES encrypted text 
gpgsm: data error at "decrypted-text", offset 3705267398 
gpgsm: error at "bag-sequence", offset 1364 
gpgsm: error parsing or decrypting the PKCS#12 file 
gpgsm: total number processed: 1 
gpgsm:               imported: 1
 
However, when I subsequently import the CA bundle, gpgsm does not mark my 
certificate as certified, implying that there's some breakage in the trust 
chain.

If anybody wants to play with this, I've uploaded the CA bundle to 
https://paste.debian.net/1229750/ and my certificate to 
https://paste.debian.net/1229751/ . Both links will expire on 9 February 2022.

With thanks,
