26 Nov 2025, 05:00 by [email protected]: > However, when exporting in pkcs#12 or pcks#8 format, gpgsm recomputes the > parameters to get them into OpenSSL format. > I must be using either gpgsm or openssl incorrectly. When I run: gpgsm --output secret-key.pkcs12 --export-secret-key-p12 $cert_id_goes_here openssl pkcs12 -in secret-key.pkcs12 -info -noout # copied straight from the openssl manpage I get:
MAC: sha1, Iteration 2048 MAC length: 20, salt length: 8 PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048 Error outputting keys and certificates 40B7E82EE87F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:375:Global default library context, Algorithm (RC2-40-CBC : 0), Properties () However, when I run: gpgsm --output secret-key.pkcs8 --export-secret-key-p8 $cert_id_goes_hereopenssl pkcs8 -in secret-key.pkcs8 -topk8 -nocrypt -out pkcs8-secret-key.pem That seems to execute if I explicitly state -topk8, and it fails otherwise. I guess that means I need to get the openssl people to explain their documentation to me. Incidentally, the gpgsm manpage puts --export-secret-key-raw & --export-secret-key-p8 together. Before reading more closely and learning that -raw exports in PKCS#1 format, I thought they were synonymous. Consider breaking the two parameters up to make the distinction obvious. With thanks, _______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
