Export of secret S/MIME key with brainpool fails (error converting key parameters)
Open, Wishlist, Public

Description

At least since vsd-3.0.0 the export of Edward's secret S/MIME key (brainpoolP256r1) fails, while Ted's/Berta's key (RSA) works:

C:\Users\g10>gpgsm -K 0x93216FA6
[...]
C:\Users\g10\AppData\Roaming\gnupg\pubring.kbx
----------------------------------------------
           ID: 0x93216FA6
          S/N: 281B974B684B7934
        (dec): 2890069936016423220
       Issuer: /CN=Root-CA 2020/OU=GnuPG.com/O=g10 Code GmbH/C=DE
      Subject: /CN=Edward Tester/OU=demo/O=g10 Code GmbH/C=DE
          aka: edward.tester@demo.gnupg.com
     validity: 2023-03-13 18:31:40 through 2063-04-05 17:00:00
     key type: brainpoolP256r1
    key usage: digitalSignature nonRepudiation keyEncipherment dataEncipherment
  fingerprint: FF:81:0B:92:81:A4:3C:39:4A:A1:38:E9:C7:FD:4C:01:93:21:6F:A6
     sha2 fpr: FC:AE:E9:A6:30:60:E1:68:A7:AC:2C:21:BF:C1:D5:FE:AE:8C:9A:87:61:38:47:F0:16:A3:B3:17:35:97:E5:C6
C:\Users\g10>gpgsm -vvv --debug x509,mpi,ipc --export-secret-key-p12 0x93216FA6
gpgsm: reading options from 'C:/ProgramData/GNU/etc/gnupg/gpgsm.conf'
gpgsm: reading options from '[cmdline]'
[...]
gpgsm: enabled debug flags: x509 mpi ipc
gpgsm: enabled compatibility flags: de-vs-trustlist
gpgsm: DBG: get_keygrip for public key
gpgsm: DBG: keygrip= 0D 26 0B D2 02 53 88 01 8F A9 14 A5 9C 94 10 60 25 9E 73 60
gpgsm: DBG: chan_0x00000260 <- OK Pleased to meet you, process 5392
gpgsm: DBG: connection to agent established
gpgsm: DBG: chan_0x00000260 -> RESET
gpgsm: DBG: chan_0x00000260 <- OK
gpgsm: DBG: chan_0x00000260 -> GETINFO version
gpgsm: DBG: chan_0x00000260 <- D 2.2.48-beta2
gpgsm: DBG: chan_0x00000260 <- OK
gpgsm: DBG: chan_0x00000260 -> OPTION allow-pinentry-notify
gpgsm: DBG: chan_0x00000260 <- OK
gpgsm: DBG: chan_0x00000260 -> GETINFO jent_active
gpgsm: DBG: chan_0x00000260 <- OK
gpgsm: DBG: chan_0x00000260 -> HAVEKEY 0D260BD2025388018FA914A59C941060259E7360
gpgsm: DBG: chan_0x00000260 <- OK
gpgsm: DBG: chan_0x00000260 -> KEYWRAP_KEY --export
gpgsm: DBG: chan_00000260 <- [ 44 20 00 53 a0 33 cb a8 0e 3e 97 92 44 f2 7c 0f ...(2 byte(s) skipped) ]
gpgsm: DBG: chan_0x00000260 <- OK
gpgsm: DBG: chan_0x00000260 -> SETKEYDESC Please+enter+the+passphrase+to+unlock+the+secret+key+for+the+X.509+certificate:%0A%22/CN=Edward+Tester/OU=demo/O=g10+Code+GmbH/C=DE%22%0AS/N+281B974B684B7934,+ID+0x93216FA6,%0Acreated+2023-03-13,+expires+2063-04-05.%0A
gpgsm: DBG: chan_0x00000260 <- OK
gpgsm: DBG: chan_0x00000260 -> EXPORT_KEY 0D260BD2025388018FA914A59C941060259E7360
gpgsm: DBG: chan_0x00000260 <- INQUIRE PINENTRY_LAUNCHED 9564 qt5 1.3.2 - - - - 0/0 -
gpgsm: DBG: chan_0x00000260 -> END
gpgsm: DBG: chan_00000260 <- [ 44 20 10 d4 f4 3e b2 c3 fd 4b 8d 6e a6 8e d7 40 ...(174 byte(s) skipped) ]
gpgsm: DBG: chan_0x00000260 <- OK
gpgsm: error converting key parameters

Details

Version
vsd-3.3.3-beta90.12 @ win10

Event Timeline

werner triaged this task as Wishlist priority. Wed, Sep 24, 6:21 PM
werner added a subscriber: werner.

ECC support for X.509 and in particular pkcs#12 format is limited. That is in general not a problem because such certificates are stored on a token and not on disk.