Open szszszsz opened 6 years ago
For the OpenPGP Card, an X.509 certificate is just a blob and you could store any type of data instead. I guess it is the same for Gnuk. The most common root cause is that the certificate is too large for the available space.
I see. Tested sizes were from 1600 to 2300 bytes. Perhaps smaller would do.
btw: related to this OpenSC issue
How did you test the import? OpenSC seems to work again now. Please see the OpenSC issue.
To retest
What exactly? Importing certs is working fine in OpenSC now. The gnuk_put_binary script seems to be broken.
I mean to reproduce the original issue from the forum, as far as possible. If you have confirmed it works earlier, then it could be closed.
Is it the same story as with https://support.nitrokey.com/t/unable-to-store-signed-certificate-on-nitrokey-start/971 ?
It is indeed still not working for GnuPG. But I have no idea if it ever did in the first place. As far as I know, the firmware of the Start is a bit special regarding the import of certs, thus the import script (that is currently broken) and special handling in OpenSC for Gnuk (which works fine for OpenSC 0.19).
I think this is not an issue of the firmware. Therefore, I would close this issue here. We could ask on gnuk-users to make sure that this is not fixable in GnuPG. As NIIBE is a maintainer of GnuPG I would be surprised if he would not have thought about implementing it if feasible.
Importing an X.509 certificate results in an error. It is mentioned that GNUK accepts certificates only in binary format, but it is not specified which one. DER format was not working. Perhaps the test file itself was invalid - to check.
Example conversion command using openssl x509:
Firmware: RTM.6 / GNUK 1.2.10 (latest GNUK). Source: https://support.nitrokey.com/t/failed-to-write-x509-cert-to-nitrokey-start/1127
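A pre-flight check for the two causes raised in this thread (a certificate too large for the available space, or an invalid or non-binary test file), as an added example that is not part of the original issue or of the Gnuk, GnuPG or OpenSC code. The function names and the 2048-byte limit are assumptions for illustration; replace the limit with the capacity your card actually reports.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

ASSUMED_LIMIT = 2048  # placeholder, NOT Gnuk's real limit; use your card's value


def to_der(blob: bytes) -> bytes:
    """Return DER bytes whether the input is PEM text or already binary."""
    m = PEM_RE.search(blob)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    return blob


def der_total_length(der: bytes) -> int:
    """Total size (header + content) claimed by the outer ASN.1 SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (first byte is not 0x30)")
    first = der[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def preflight(blob: bytes, max_bytes: int = ASSUMED_LIMIT) -> dict:
    """Report format, structural sanity and size before writing to the card."""
    der = to_der(blob)
    return {
        "was_pem": PEM_RE.search(blob) is not None,
        "size": len(der),
        "well_formed": der_total_length(der) == len(der),  # no truncation/trailer
        "fits": len(der) <= max_bytes,
    }


# Constructed sample: a SEQUENCE header around 1700 filler bytes (not a real cert).
SAMPLE_DER = b"\x30\x82" + (1700).to_bytes(2, "big") + bytes(1700)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(preflight(SAMPLE_DER))
    print(preflight(SAMPLE_PEM, max_bytes=1600))
```

This only checks the outer DER envelope and the byte count; it does not validate the certificate contents.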