Also, creating examples and a self test for the OpenPGP stuff would be useful. Have you managed to get it to work at all? I tried this:
[EMAIL PROTECTED]:~/src/gnutls$ gpg -a --export-secret-keys b565716f > ~/privkey.gpg

The above step would be nice to avoid, btw, although I'm not exactly sure which file formats are supported/required. This area seems under-documented.

Starting the server:

[EMAIL PROTECTED]:~/src/gnutls$ /home/jas/src/gnutls/src/gnutls-serv --pgpkeyring ~/.gnupg/pubring.gpg --pgptrustdb ~/.gnupg/secring.gpg --pgpkeyfile ~/privkey.gpg --pgpcertfile ~/josefsson.org/key.txt
Echo Server ready. Listening to port '5556'.
Error in handshake
Error: Decryption has failed.

Starting the client:

[EMAIL PROTECTED]:~/src/gnutls$ /home/jas/src/gnutls/src/gnutls-cli --pgpkeyring ~/.gnupg/pubring.gpg --pgptrustdb ~/.gnupg/secring.gpg --pgpkeyfile ~/privkey.gpg --pgpcertfile ~/josefsson.org/key.txt --port 5556 localhost
Processed 1 client PGP certificate...
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [20]: Bad record MAC
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
[EMAIL PROTECTED]:~/src/gnutls$

Enabling debugging in the server indicates this:

|<2>| ASSERT: gnutls_pk.c:283
|<2>| ASSERT: auth_rsa.c:258
|<1>| auth_rsa: Possible PKCS #1 format attack

However, if I look at the decrypted RSA signature, it is just garbage. Probably it is using the wrong private or public key.

I think the OpenPGP integration in GnuTLS generally needs some TLC, and if you have time to work on it, that would be appreciated.

Thanks,
Simon
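Added example, not part of the original message and not GnuTLS code: a toy model of why a private key that does not match the certificate produces the server log line and the client's alert 20 seen above. It assumes textbook RSA with constructed keys and the TLS-recommended countermeasure of continuing with a random premaster secret on a PKCS #1 padding failure; all function and key names are hypothetical.

```python
import os, random

E = 65537
# Constructed toy keys built from well-known primes (two Mersenne primes and
# 2^255-19); illustrative only, far too structured for real use.
M521, M607, P25519 = 2**521 - 1, 2**607 - 1, 2**255 - 19

def keypair(p, q):
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))   # (modulus, private exponent)

def pkcs1_encrypt(n, premaster, rng):
    """Client side: PKCS #1 v1.5 block 00 02 <nonzero padding> 00 <premaster>."""
    k = (n.bit_length() + 7) // 8
    ps = bytes(rng.randrange(1, 256) for _ in range(k - 3 - len(premaster)))
    em = b"\x00\x02" + ps + b"\x00" + premaster
    return pow(int.from_bytes(em, "big"), E, n)

def pkcs1_decrypt(n, d, c):
    """Server side: return the premaster, or None if the padding is malformed."""
    k = (n.bit_length() + 7) // 8
    em = pow(c % n, d, n).to_bytes(k, "big")   # c % n only keeps the toy total
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:      # at least 8 padding bytes needed
        return None
    return em[sep + 1:]

def server_premaster(n, d, c):
    # On bad padding the server logs and carries on with a random premaster
    # rather than aborting, so the failure only shows up at the MAC check.
    pm = pkcs1_decrypt(n, d, c)
    if pm is None or len(pm) != 48:
        return os.urandom(48), "auth_rsa: Possible PKCS #1 format attack"
    return pm, None

def handshake(cert_n, server_key, seed=1):
    """cert_n: modulus in the certificate; server_key: (n, d) the server loaded."""
    rng = random.Random(seed)
    premaster = b"\x03\x01" + bytes(rng.randrange(256) for _ in range(46))
    c = pkcs1_encrypt(cert_n, premaster, rng)
    got, log = server_premaster(*server_key, c)
    # Both sides derive MAC keys from the premaster; a mismatch shows as alert 20.
    return ("ok" if got == premaster else "alert 20: bad_record_mac"), log

KEY_A = keypair(M521, M607)      # key pair behind the certificate file
KEY_B = keypair(M607, P25519)    # a different private key loaded by mistake
```

With matching keys the handshake model returns "ok"; with KEY_B loaded on the server the decrypted block is garbage, the padding check fails, and the client ends up with the bad_record_mac result.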
