[Users] Gpgsm failure to import Certtool generated PKCS #12 structures.

ENI info at endeavor-networks.com
Tue Sep 16 23:49:56 CEST 2014 

> On Tue, 16 Sep 2014 14:37:01 -0400
> "ENI" <info at endeavor-networks.com> wrote:
> 
> We used Certtool to generate private keys, X.509 certificates, and DER
> encoded PKCS #12 structures (incl. cert and private key).
> 
> The DER encoded PKCS #12 structures were successfully imported into
> Thunderbird's Certificate Manager without issue.
> 
> Gpgsm failed to import these structures.
> 
> We then used Certtool to generated "PEM" encoded PKCS #12 structures
> (incl. cert and private key).
> 
> Gpgsm failed to import these structures.
> 
> 
> prompt >gpgsm --import x509-postmaster.p12
> 
> ... produced the following output:
> 
> gpgsm: gpg-protect-tool: encryptedData error at
> "bag.encryptedData.keyinfo", offset 79
> 
> gpgsm: gpg-protect-tool: error at "bag.encryptedData", offset 49 
> 
> gpgsm: gpg-protect-tool: error parsing or decrypting the PKCS-12 file 
> 
> gpgsm: error running `E:\Program Files\GNU\Claws
> Mail\gpg-protect-tool.exe': exit status 2 
> 
> gpgsm: total number processed: 0
> 
> 
> In order to proceed with our trials, we chose to generate keys and
> certificate signing requests (CSR) with Gpgsm; process the CSRs with
> Certtool, and import the certs with Gpgsm.
> 
> Anyone have any insights as to why Gpgsm would fail to import the PKCS
> #12 structures generated by Certtool, and produce the error output
> documented above?
> 
> Regards,
> ENI
> 

Should have mentioned that we're using Claws Mail (Win32),
claws-mail-3.10.1-pkg56.

Also, importation of PKCS #12 structures via the Gnu Privacy Assistant
(GPA) GUI, fail, even for those structures successfully imported with
Gpgsm.

When you start with the assumption that the GPA GUI works, and then
importation fails, you waste a lot of time investigating other
potential causes before you realize that the GUI doesn't do what it's
supposed to do.

We only discovered that the GUI was deficient after abandoning it, in
favor of Gpgsm.

C:\Program Files\GNU\Claws Mail\gpgsm.exe

The question still remains, as to why Gpgsm would fail to import the
PKCS #12 structures generated by Certtool, and produce the error output
documented in the original post.

Regards,
ENI

More information about the Users mailing list