
gpgsm unable to import a PKCS12 file with a NULL password
Open, Normal, Public

Description

Consider the PKCS12 object for "Bob" found in S/MIME Example Keys and Certificates.

gpgsm appears to be unable to import it, yielding the following error messages:

gpgsm: 992 bytes of 3DES encrypted text
gpgsm: decryption failed; trying charset 'ISO-8859-1'
gpgsm: decryption failed; trying charset 'ISO-8859-15'
gpgsm: decryption failed; trying charset 'ISO-8859-2'
gpgsm: decryption failed; trying charset 'ISO-8859-3'
gpgsm: decryption failed; trying charset 'ISO-8859-4'
gpgsm: decryption failed; trying charset 'ISO-8859-5'
gpgsm: decryption failed; trying charset 'ISO-8859-6'
gpgsm: decryption failed; trying charset 'ISO-8859-7'
gpgsm: decryption failed; trying charset 'ISO-8859-8'
gpgsm: decryption failed; trying charset 'ISO-8859-9'
gpgsm: decryption failed; trying charset 'KOI8-R'
gpgsm: decryption failed; trying charset 'IBM437'
gpgsm: decryption failed; trying charset 'IBM850'
gpgsm: decryption failed; trying charset 'EUC-JP'
gpgsm: decryption failed; trying charset 'BIG5'
gpgsm: encryptedData error at "outer.outer.seq", offset 2
gpgsm: possibly bad passphrase given
gpgsm: error at "bag.encryptedData", offset 49
gpgsm: error parsing or decrypting the PKCS#12 file
gpgsm: total number processed: 0

The PKCS#12 object was generated with certtool's --null-password option.

I suspect what's happening is that gpgsm asks for a password, gets an empty string, then tries the empty string in lots of different encodings, but never tries to use an ASN.1 NULL object as the password, but I have not tried to fix it.

If this is the right issue, it's probably fixable in decrypt_block in sm/minip12.c.

Details

Version
2.2.17
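
Why an empty string and a NULL password cannot unlock the same file, as an added example that is not part of the original report or of GnuPG's code: it implements the RFC 7292 Appendix B.2 key derivation with SHA-1 and derives a 24-byte 3DES key for both cases. The salt, the iteration count and all function names are constructed for illustration, and encoding a NULL password as zero bytes (rather than a bare two-byte terminator) is the convention assumed here.

```python
import hashlib

SAMPLE_SALT = bytes.fromhex("0102030405060708")  # constructed, not taken from Bob's file
SAMPLE_ITERATIONS = 2048                         # constructed

def encode_password(password):
    """BMPString (UTF-16BE) plus 2-byte terminator; None models a NULL password."""
    if password is None:
        return b""  # assumption: a NULL password contributes no bytes at all
    return password.encode("utf-16-be") + b"\x00\x00"

def pkcs12_kdf(password, salt, iterations, id_byte, n):
    """RFC 7292 Appendix B.2 with SHA-1 (u = 20 byte digest, v = 64 byte block)."""
    u, v = 20, 64

    def fill(data):
        # Repeat data to a whole number of v-byte blocks; empty input stays empty.
        if not data:
            return b""
        size = v * ((len(data) + v - 1) // v)
        return (data * (size // len(data) + 1))[:size]

    D = bytes([id_byte]) * v              # diversifier: 1 = key, 2 = IV, 3 = MAC
    I = bytearray(fill(salt) + fill(password))
    out = b""
    while len(out) < n:
        A = D + bytes(I)
        for _ in range(iterations):       # A = H^r(D || I)
            A = hashlib.sha1(A).digest()
        out += A
        # B is A repeated to v bytes; each block becomes (I_j + B + 1) mod 2^(8v).
        B = int.from_bytes((A * (v // u + 1))[:v], "big") + 1
        for j in range(0, len(I), v):
            block = (int.from_bytes(I[j:j + v], "big") + B) % (1 << (8 * v))
            I[j:j + v] = block.to_bytes(v, "big")
    return out[:n]

def derive_3des_keys(salt, iterations):
    """3DES key (ID 1, 24 bytes) for a NULL password and for an empty string."""
    return {label: pkcs12_kdf(encode_password(pw), salt, iterations, 1, 24)
            for label, pw in (("null", None), ("empty", ""))}

if __name__ == "__main__":
    for label, key in derive_3des_keys(SAMPLE_SALT, SAMPLE_ITERATIONS).items():
        print(f"{label:5s} password -> 3DES key {key.hex()}")
```

The two keys differ because the empty string still feeds a 64-byte block of zeros into the hash input while the NULL password adds nothing, so retrying the empty string under other character sets never reaches the NULL-password key.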

Event Timeline

werner triaged this task as Normal priority. Nov 21 2019, 8:13 AM
werner edited projects, added Feature Request, gnupg; removed Bug Report.