The changelog states that there was a major refactoring of the `P12` framework. I hope this module will continue to get attention so that the UX can be smoother.
The issue I have is that the certificate fails to get imported, but the error does not tell much about the source of the error:
```
gpgsm: reading options from '[cmdline]'
gpgsm: enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc clock lookup
gpgsm: enabled compatibility flags:
gpgsm: DBG: chan_4 <- OK Pleased to meet you, process 28032
gpgsm: DBG: connection to the gpg-agent established
gpgsm: DBG: chan_4 -> RESET
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION ttyname=/dev/pts/5
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION ttytype=xterm-256color
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION display=:0
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION xauthority=/run/user/53209/xauth_tWumDA
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION putenv=XMODIFIERS=@im=fcitx5
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION putenv=WAYLAND_DISPLAY=wayland-0
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION putenv=XDG_SESSION_TYPE=wayland
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/53209/bus
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION putenv=QT_IM_MODULE=fcitx
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION lc-ctype=en_US.UTF-8
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION lc-messages=en_US.UTF-8
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> GETINFO version
gpgsm: DBG: chan_4 <- D 2.4.3
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> OPTION allow-pinentry-notify
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: chan_4 -> GET_PASSPHRASE --data -- X X X Please+enter+the+passphrase+to+unprotect+the+PKCS#12+object.
gpgsm: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 28034 qt 1.2.1 /dev/pts/5 xterm-256color :0 20600/53209/5 53209/3512 0
gpgsm: DBG: chan_4 -> END
gpgsm: DBG: chan_4 <- D testers
gpgsm: DBG: chan_4 <- OK
gpgsm: DBG: p12_parse(tlv_next): ti.class=0 tag=16 len=5025 nhdr=4 cons
gpgsm: DBG: p12_parse(tlv_next): ti.class=0 tag=2 len=1 nhdr=2
gpgsm: DBG: p12_parse(tlv_next): ti.class=0 tag=16 len=4897 nhdr=4 cons
gpgsm: DBG: p12_parse(tlv_next): ti.class=0 tag=6 len=9 nhdr=2
gpgsm: DBG: p12_parse(tlv_next): ti.class=2 tag=0 len=4882 nhdr=4 cons
gpgsm: DBG: p12_parse(tlv_next): ti.class=0 tag=4 len=4878 nhdr=4
gpgsm: DBG: p12_parse(tlv_next): ti.class=0 tag=16 len=0 nhdr=2 cons ndef
gpgsm: error parsing or decrypting the PKCS#12 file
gpgsm: total number processed: 0
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/16384 bytes in 0 blocks
```
Below is the output of `openssl storeutl`:
```
0: Pkey
Private-Key: (384 bit)
priv:
Haha, no.
pub:
04:f0:d8:d3:85:78:99:a7:a9:52:97:66:bd:b3:b0:
92:0b:83:7c:3d:d2:cc:e6:48:70:65:7f:bb:3c:b3:
01:66:69:ba:43:99:96:df:82:2c:df:58:b4:f1:57:
4b:59:f6:bf:2a:02:19:98:ad:3d:8a:35:42:f0:2c:
84:44:22:2a:a7:43:b8:cc:47:d0:5c:8d:2d:68:f6:
c1:fe:d7:3f:42:bb:35:40:7c:f3:6a:6c:1d:5d:24:
c3:27:8c:d5:60:c6:1f
ASN1 OID: secp384r1
NIST CURVE: P-384
1: Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
92:da:f1:1e:11:f4:48:79:dc:82:8e:d8:28:59:b5:c9
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=NL, O=GEANT Vereniging, CN=GEANT Personal ECC CA 4
Validity
Not Before: Oct 10 00:00:00 2023 GMT
Not After : Oct 9 23:59:59 2024 GMT
Subject: C=DE, ST=Bayern, O=Max-Planck-Gesellschaft zur F\xC3\xB6rderung der Wissenschaften e.V./organizationIdentifier=LEIXG-894500C5L6W4ADC12P82/emailAddress=cristian.le@mpsd.mpg.de, SN=Le, GN=Cristian, CN=Cristian Le
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:f0:d8:d3:85:78:99:a7:a9:52:97:66:bd:b3:b0:
92:0b:83:7c:3d:d2:cc:e6:48:70:65:7f:bb:3c:b3:
01:66:69:ba:43:99:96:df:82:2c:df:58:b4:f1:57:
4b:59:f6:bf:2a:02:19:98:ad:3d:8a:35:42:f0:2c:
84:44:22:2a:a7:43:b8:cc:47:d0:5c:8d:2d:68:f6:
c1:fe:d7:3f:42:bb:35:40:7c:f3:6a:6c:1d:5d:24:
c3:27:8c:d5:60:c6:1f
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Authority Key Identifier:
A8:2D:6D:81:32:64:8D:E6:B2:4F:AC:FE:11:F2:65:99:85:13:A9:6E
X509v3 Subject Key Identifier:
D5:79:F4:70:5D:80:2F:E8:65:D2:B2:57:BD:39:55:1D:1E:B2:CD:28
X509v3 Key Usage: critical
Digital Signature, Key Agreement
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
E-mail Protection, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.1.10.4
CPS: https://sectigo.com/SMIMECPS
Policy: 2.23.140.1.5.3.2
X509v3 CRL Distribution Points:
Full Name:
URI:http://GEANT.crl.sectigo.com/GEANTPersonalECCCA4.crl
Authority Information Access:
CA Issuers - URI:http://GEANT.crt.sectigo.com/GEANTPersonalECCCA4.crt
OCSP - URI:http://GEANT.ocsp.sectigo.com
X509v3 Subject Alternative Name:
email:cristian.le@mpsd.mpg.de
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:46:02:21:00:eb:42:71:63:71:fd:9f:14:26:3c:60:5f:00:
d7:58:d3:5e:f9:4e:32:78:70:57:d7:8d:75:5f:95:b2:25:68:
ae:02:21:00:d5:39:9b:a8:a6:2d:fd:60:51:a8:1f:a7:45:92:
bc:9e:84:e1:73:16:a1:78:63:59:84:bd:48:2f:5d:a6:e6:0d
No Trusted Uses.
No Rejected Uses.
Key Id: B8:C7:87:B3:12:9C:B9:9F:72:C4:D0:A5:93:E8:5D:C0:03:34:42:19
2: Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:90:21:7d:fe:5d:d6:c2:c4:50:27:c5:dc:d1:5a:26
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
Validity
Not Before: Feb 18 00:00:00 2020 GMT
Not After : May 1 23:59:59 2033 GMT
Subject: C=NL, O=GEANT Vereniging, CN=GEANT Personal ECC CA 4
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:18:67:67:11:e0:ee:6d:7d:db:24:83:63:4d:a3:
7e:3a:36:8c:a8:7a:74:23:5a:15:90:12:54:d0:43:
e6:eb:98:cc:6b:e6:57:96:d4:07:e9:00:9f:5b:b1:
a5:1a:76:c0:89:26:70:39:c9:c1:48:4d:88:d7:7e:
5f:d7:bd:f3:e4
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
3A:E1:09:86:D4:CF:19:C2:96:76:74:49:76:DC:E0:35:C6:63:63:9A
X509v3 Subject Key Identifier:
A8:2D:6D:81:32:64:8D:E6:B2:4F:AC:FE:11:F2:65:99:85:13:A9:6E
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
CPS: https://sectigo.com/CPS
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.usertrust.com/USERTrustECCCertificationAuthority.crl
Authority Information Access:
CA Issuers - URI:http://crt.usertrust.com/USERTrustECCAddTrustCA.crt
OCSP - URI:http://ocsp.usertrust.com
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
30:65:02:31:00:82:5f:a3:f7:da:8a:3b:46:20:08:93:50:c8:
7a:46:4c:9c:51:99:c1:8f:b1:26:86:79:1f:20:a1:19:cd:4d:
72:eb:a9:9e:1e:c4:ce:e9:2b:d4:49:cb:f8:cc:80:84:d7:02:
30:3e:83:95:23:16:13:92:3e:f8:e0:6f:ce:79:d7:d6:7a:63:
be:7b:4b:70:aa:20:02:b0:0f:8c:b8:25:18:67:b2:98:5b:78:
53:aa:5d:cb:bf:c2:d3:f9:a2:1c:23:ee:0c
3: Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:67:1d:04:ea:4f:99:4c:6f:10:81:47:59:d2:75:94
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
Validity
Not Before: Mar 12 00:00:00 2019 GMT
Not After : Dec 31 23:59:59 2028 GMT
Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:1a:ac:54:5a:a9:f9:68:23:e7:7a:d5:24:6f:53:
c6:5a:d8:4b:ab:c6:d5:b6:d1:e6:73:71:ae:dd:9c:
d6:0c:61:fd:db:a0:89:03:b8:05:14:ec:57:ce:ee:
5d:3f:e2:21:b3:ce:f7:d4:8a:79:e0:a3:83:7e:2d:
97:d0:61:c4:f1:99:dc:25:91:63:ab:7f:30:a3:b4:
70:e2:c7:a1:33:9c:f3:bf:2e:5c:53:b1:5f:b3:7d:
32:7f:8a:34:e3:79:79
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Authority Key Identifier:
A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4
X509v3 Subject Key Identifier:
3A:E1:09:86:D4:CF:19:C2:96:76:74:49:76:DC:E0:35:C6:63:63:9A
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.comodoca.com/AAACertificateServices.crl
Authority Information Access:
OCSP - URI:http://ocsp.comodoca.com
Signature Algorithm: sha384WithRSAEncryption
Signature Value:
19:ec:eb:9d:89:2c:20:0b:04:80:1d:18:de:42:99:72:99:16:
32:bd:0e:9c:75:5b:2c:15:e2:29:40:6d:ee:ff:72:db:db:ab:
90:1f:8c:95:f2:8a:3d:08:72:42:89:50:07:e2:39:15:6c:01:
87:d9:16:1a:f5:c0:75:2b:c5:e6:56:11:07:df:d8:98:bc:7c:
9f:19:39:df:8b:ca:00:64:73:bc:46:10:9b:93:23:8d:be:16:
c3:2e:08:82:9c:86:33:74:76:3b:28:4c:8d:03:42:85:b3:e2:
b2:23:42:d5:1f:7a:75:6a:1a:d1:7c:aa:67:21:c4:33:3a:39:
6d:53:c9:a2:ed:62:22:a8:bb:e2:55:6c:99:6c:43:6b:91:97:
d1:0c:0b:93:02:1d:d2:bc:69:77:49:e6:1b:4d:f7:bf:14:78:
03:b0:a6:ba:0b:b4:e1:85:7f:2f:dc:42:3b:ad:74:01:48:de:
d6:6c:e1:19:98:09:5e:0a:b3:67:47:fe:1c:e0:d5:c1:28:ef:
4a:8b:44:31:26:04:37:8d:89:74:36:2e:ef:a5:22:0f:83:74:
49:92:c7:f7:10:c2:0c:29:fb:b7:bd:ba:7f:e3:5f:d5:9f:f2:
a9:f4:74:d5:b8:e1:b3:b0:81:e4:e1:a5:63:a3:cc:ea:04:78:
90:6e:bf:f7
4: Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
Validity
Not Before: Jan 1 00:00:00 2004 GMT
Not After : Dec 31 23:59:59 2028 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:be:40:9d:f4:6e:e1:ea:76:87:1c:4d:45:44:8e:
be:46:c8:83:06:9d:c1:2a:fe:18:1f:8e:e4:02:fa:
f3:ab:5d:50:8a:16:31:0b:9a:06:d0:c5:70:22:cd:
49:2d:54:63:cc:b6:6e:68:46:0b:53:ea:cb:4c:24:
c0:bc:72:4e:ea:f1:15:ae:f4:54:9a:12:0a:c3:7a:
b2:33:60:e2:da:89:55:f3:22:58:f3:de:dc:cf:ef:
83:86:a2:8c:94:4f:9f:68:f2:98:90:46:84:27:c7:
76:bf:e3:cc:35:2c:8b:5e:07:64:65:82:c0:48:b0:
a8:91:f9:61:9f:76:20:50:a8:91:c7:66:b5:eb:78:
62:03:56:f0:8a:1a:13:ea:31:a3:1e:a0:99:fd:38:
f6:f6:27:32:58:6f:07:f5:6b:b8:fb:14:2b:af:b7:
aa:cc:d6:63:5f:73:8c:da:05:99:a8:38:a8:cb:17:
78:36:51:ac:e9:9e:f4:78:3a:8d:cf:0f:d9:42:e2:
98:0c:ab:2f:9f:0e:01:de:ef:9f:99:49:f1:2d:df:
ac:74:4d:1b:98:b5:47:c5:e5:29:d1:f9:90:18:c7:
62:9c:be:83:c7:26:7b:3e:8a:25:c7:c0:dd:9d:e6:
35:68:10:20:9d:8f:d8:de:d2:c3:84:9c:0d:5e:e8:
2f:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.comodoca.com/AAACertificateServices.crl
Full Name:
URI:http://crl.comodo.net/AAACertificateServices.crl
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
08:56:fc:02:f0:9b:e8:ff:a4:fa:d6:7b:c6:44:80:ce:4f:c4:
c5:f6:00:58:cc:a6:b6:bc:14:49:68:04:76:e8:e6:ee:5d:ec:
02:0f:60:d6:8d:50:18:4f:26:4e:01:e3:e6:b0:a5:ee:bf:bc:
74:54:41:bf:fd:fc:12:b8:c7:4f:5a:f4:89:60:05:7f:60:b7:
05:4a:f3:f6:f1:c2:bf:c4:b9:74:86:b6:2d:7d:6b:cc:d2:f3:
46:dd:2f:c6:e0:6a:c3:c3:34:03:2c:7d:96:dd:5a:c2:0e:a7:
0a:99:c1:05:8b:ab:0c:2f:f3:5c:3a:cf:6c:37:55:09:87:de:
53:40:6c:58:ef:fc:b6:ab:65:6e:04:f6:1b:dc:3c:e0:5a:15:
c6:9e:d9:f1:59:48:30:21:65:03:6c:ec:e9:21:73:ec:9b:03:
a1:e0:37:ad:a0:15:18:8f:fa:ba:02:ce:a7:2c:a9:10:13:2c:
d4:e5:08:26:ab:22:97:60:f8:90:5e:74:d4:a2:9a:53:bd:f2:
a9:68:e0:a2:6e:c2:d7:6c:b1:a3:0f:9e:bf:eb:68:e7:56:f2:
ae:f2:e3:2b:38:3a:09:81:b5:6b:85:d7:be:2d:ed:3f:1a:b7:
b2:63:e2:f5:62:2c:82:d4:6a:00:41:50:f1:39:83:9f:95:e9:
36:96:98:6e
Total found: 5
```
I have tried:
- The usual importing/exporting through Firefox, but I think that should be irrelevant after the refactor, and it didn't work anyway.
- Stripping out the trust chain and importing only the leaf certificate
- Clearing out the database and importing it again
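
The following is an added example, not part of the original report and not GnuPG code: a small BER header decoder that produces the same fields as the `p12_parse(tlv_next)` debug lines, which helps confirm that the last header read before the error is a constructed, indefinite-length SEQUENCE (`30 80`). The byte string is constructed to match the headers in the log, and entering the OCTET STRING content is an assumption taken from the order of the log lines.

```python
# Added example (not GnuPG code): decode BER headers into tlv_next-style fields.

def parse_header(buf, off):
    """Decode one BER identifier+length header starting at buf[off]."""
    start = off
    first = buf[off]; off += 1
    cls, cons, tag = first >> 6, bool(first & 0x20), first & 0x1F
    if tag == 0x1F:                      # high-tag-number form: base-128 digits
        tag = 0
        while True:
            b = buf[off]; off += 1
            tag = (tag << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    lb = buf[off]; off += 1
    ndef, length = False, lb             # short form unless changed below
    if lb == 0x80:                       # indefinite length, ends at 00 00
        if not cons:
            raise ValueError("indefinite length on a primitive element")
        ndef, length = True, 0
    elif lb == 0xFF:
        raise ValueError("reserved length octet 0xFF")
    elif lb > 0x80:                      # long form: next n octets hold the length
        n = lb & 0x7F
        if off + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[off:off + n], "big"); off += n
    return {"class": cls, "tag": tag, "len": length,
            "nhdr": off - start, "cons": cons, "ndef": ndef}

def walk_headers(buf, descend_primitive=(4,)):
    """List headers in order, entering constructed elements and OCTET STRINGs."""
    headers, off = [], 0
    while off < len(buf):
        h = parse_header(buf, off)
        headers.append(h)
        off += h["nhdr"]
        wrapped = h["class"] == 0 and h["tag"] in descend_primitive
        if not h["cons"] and not wrapped:
            off += h["len"]              # skip primitive content
    return headers

def debug_line(h):
    flags = (" cons" if h["cons"] else "") + (" ndef" if h["ndef"] else "")
    return f"ti.class={h['class']} tag={h['tag']} len={h['len']} nhdr={h['nhdr']}{flags}"

# Constructed sample: header octets only, plus the INTEGER and OID contents.
SAMPLE = bytes.fromhex("308213a1" "020103" "30821321"
                       "06092a864886f70d010701" "a0821312" "0482130e" "3080")
```

Running `walk_headers` over the first bytes of a real `.p12` file and checking the `ndef` field shows whether the exporting tool wrote BER indefinite-length encoding rather than DER.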