On 09/21/2012 11:37 AM, Joke de Buhr wrote:
> hi,
>
> i discovered the internal error seems to be related to the openpgp key size.
> if the key contains just a single signing subkey with 2048 or more bits gnutls
> reports the internal error. a signing subkey with 1024 bits will however.
>
> moreover the key can contain encryption subkeys up to 4096 bits without
> problem as long as the encryption subkey isn't marked for signing. the
> authentication flags doesn't seem to have any effect at all.
>
> the problem seems to be related to the key exchange algorithm. the signature
> flag enables DHE_RSA and ECDHE_RSA whereas the encryption flag enable RSA key
> exchange.
> any comments on how to avoid this problem?

Sorry for the late reply. What you say about the sizes could be because
of a static buffer used in gnutls. Could you enable debugging to figure
out which place rejects the long keys?

About the signing flags, you need them in order to use DHE-RSA and
ECDHE-RSA. Those two require RSA signatures. The RSA algorithm requires
an RSA encryption key. Does this explain what you notice?

regards,
Nikos

_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
