Package: tinyca
Version: 0.7.5-1
Followup-For: Bug #328581

I also get the same trouble here with a hanging tinyca while importing a foreign CA. The CA was created with the "easy-rsa" scripts from the "openvpn" package. Basically the script does:

  pkitool --interact --initca

And the pkitool (part of easy-rsa) in turn - after taking a quick look - runs:

  openssl req -days ... -nodes -new -x509 -keyout "keys/ca.key" \
      -out "keys/ca.crt" -config "openssl.conf"

This is my openssl.conf:

HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids

[ new_oids ]

[ ca ]
default_ca = CA_default # The default ca section

[ CA_default ]
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.
certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
policy = policy_anything

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = nombstr

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

[ usr_cert ]
basicConstraints=CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always

[ server ]
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true

[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always

Additionally I touched the keys/index.txt, ran tinyca and tried to import the CA. The CA's private key was not protected by a passphrase by the way. The footer line of the main TinyCA2 window showed that it wants to import my keys/ca.key.

I then ran tinyca in an strace session and these are the last lines:

open("/home/ca/debug/keys/ca.key", O_RDONLY|O_LARGEFILE) = 8
ioctl(8, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbf87a058) = -1 ENOTTY (Inappropriate ioctl for device)
_llseek(8, 0, [0], SEEK_CUR) = 0
fstat64(8, {st_mode=S_IFREG|0600, st_size=1679, ...}) = 0
fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
read(8, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 1679
read(8, "", 4096) = 0
stat64("/home/ca/.TinyCA/tmp/dataVHOOIJWJ", 0x81510c8) = -1 ENOENT (No such file or directory)
pipe([9, 10]) = 0
ioctl(9, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbf87a1e8) = -1 EINVAL (Invalid argument)
_llseek(9, 0, 0xbf87a230, SEEK_CUR) = -1 ESPIPE (Illegal seek)
ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbf87a1e8) = -1 EINVAL (Invalid argument)
_llseek(10, 0, 0xbf87a230, SEEK_CUR) = -1 ESPIPE (Illegal seek)
fcntl64(9, F_SETFD, FD_CLOEXEC) = 0
fcntl64(10, F_SETFD, FD_CLOEXEC) = 0
pipe([11, 12]) = 0
ioctl(11, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbf87a1e8) = -1 EINVAL (Invalid argument)
_llseek(11, 0, 0xbf87a230, SEEK_CUR) = -1 ESPIPE (Illegal seek)
ioctl(12, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbf87a1e8) = -1 EINVAL (Invalid argument)
_llseek(12, 0, 0xbf87a230, SEEK_CUR) = -1 ESPIPE (Illegal seek)
fcntl64(11, F_SETFD, FD_CLOEXEC) = 0
fcntl64(12, F_SETFD, FD_CLOEXEC) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7dbb928) = 15393
close(9) = 0
close(12) = 0
write(10, "-----BEGIN RSA PRIVATE KEY-----\n"..., 1680) = 1680
read(11,

This is where tinyca hangs.

I'd be glad if this gets resolved because there does not seem to be any other decent GUI for maintaining a CA.

 Christoph

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8)

Versions of packages tinyca depends on:
ii  libgtk2-perl            1:1.121-1  Perl interface to the 2.x series o
ii  liblocale-gettext-perl  1.05-1     Using libc functions for internati
ii  openssl                 0.9.8b-2   Secure Socket Layer (SSL) binary a

Versions of packages tinyca recommends:
pn  zip                     <none>     (no description available)

-- no debconf information
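
Added example, not part of the original report and not TinyCA code: a small Python script that replays the pipe/close/write/read calls quoted in the strace output above and reports which call never returned and which pipe ends the parent process still holds open at that point. The function name `analyze` and the choice of which trace lines to embed are assumptions of this example.

```python
import re

# Descriptor-related syscall lines copied from the strace output in the report.
TRACE = """\
pipe([9, 10]) = 0
pipe([11, 12]) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7dbb928) = 15393
close(9) = 0
close(12) = 0
write(10, "-----BEGIN RSA PRIVATE KEY-----\\n"..., 1680) = 1680
read(11,
"""

def analyze(trace):
    """Replay pipe()/close() calls and find the syscall that never returned."""
    pipes = {}      # fd -> (role, peer fd) for pipe ends still open in the parent
    blocked = None  # (syscall name, fd) of the unfinished call, if any
    for line in trace.splitlines():
        line = line.strip()
        m = re.match(r"pipe\(\[(\d+), (\d+)\]\)\s*=\s*0", line)
        if m:
            r, w = int(m.group(1)), int(m.group(2))
            pipes[r] = ("read", w)
            pipes[w] = ("write", r)
            continue
        m = re.match(r"close\((\d+)\)\s*=\s*0", line)
        if m:
            pipes.pop(int(m.group(1)), None)
            continue
        # strace prints "= result" only once a call returns; a line without it
        # is the call the process is currently stuck in.
        m = re.match(r"(\w+)\((\d+),", line)
        if m and not re.search(r"\)\s*=\s*-?\d+", line):
            blocked = (m.group(1), int(m.group(2)))
    return {
        "blocked": blocked,
        "open_pipe_fds": sorted(pipes),
        "open_write_ends": sorted(fd for fd, (role, _) in pipes.items()
                                  if role == "write"),
    }

if __name__ == "__main__":
    result = analyze(TRACE)
    print("blocked in:", result["blocked"])
    print("pipe fds still open in parent:", result["open_pipe_fds"])
    print("write ends still open in parent:", result["open_write_ends"])
```

For the quoted trace this reports the parent blocked in read(11) while it still holds fd 10, the write end of the pipe it used to send the key to the child. What the child process is waiting for is not visible in the trace.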