Hello!

On 22. 11. 2016 08:06, Werner Koch wrote:
> That is unfortunate because all modern implementations use the
> indirect signing method (using the attribute 1.2.840.113549.1.9.4).
> GPGSM is able to verify the old direct signing method but it can't
> create such an old signature.

This explains why my quick hack with just removing the signed attributes didn't work (I could remove everything but the messageDigest). The indirect method uses the messageDigest that is part of the signed attributes, right?

I've also looked into how OpenSSL does it and noticed that the signing part is done differently when the CMS_NOATTR flag is passed. I've quickly looked at the CMS RFCs, but they seem quite heavy. I would be grateful for any quick pointers you might have.

> Instead of doing that I would suggest to extend Linux and implement
> verification of the indirect signature. An update to gpgsm would then
> be simple by adding an option to not emit any of the other signed
> attributes,

Yes, that would probably be the best option and I am not sure why they didn't do it this way. I also don't like that the default way to sign things in the Linux kernel assumes that the private key is available in a local file, as this is way less secure than storing it in a HSM. Had they used gpgsm from the start, they would also find the need to support indirect signatures.

Unfortunately I need this in a current system, so I might just look around libksba when I find some more time.

Thanks for making things more clear!

Jernej
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
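
The difference between the two signing methods discussed in this thread, as an added example that is not part of the original message and is not gpgsm, libksba, OpenSSL or kernel code: it computes the digest that the signature algorithm receives in each mode, following RFC 5652 section 5.4. SHA-256, the id-data content type and the sample content are assumptions.

```python
import hashlib

OID_CONTENT_TYPE = "1.2.840.113549.1.9.3"
OID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"  # the attribute named in the thread
OID_DATA = "1.2.840.113549.1.7.1"            # assumed content type: id-data

def tlv(tag, value):
    """DER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def oid(dotted):
    """DER-encode an OBJECT IDENTIFIER given in dotted form."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def attribute(attr_oid, value):
    # Attribute ::= SEQUENCE { attrType OID, attrValues SET OF value }
    return tlv(0x30, oid(attr_oid) + tlv(0x31, value))

def signed_attrs(content):
    """Minimal signed attributes: contentType and messageDigest only."""
    digest = hashlib.sha256(content).digest()
    attrs = [attribute(OID_CONTENT_TYPE, oid(OID_DATA)),
             attribute(OID_MESSAGE_DIGEST, tlv(0x04, digest))]
    return b"".join(sorted(attrs))  # DER SET OF orders elements by encoding

def digest_to_sign(content, with_attrs):
    if not with_attrs:
        # Direct method (no signed attributes): the hash of the content itself.
        return hashlib.sha256(content).digest()
    # Indirect method: the hash of the DER encoding of the attributes, taken
    # with the SET OF tag 0x31. On the wire the same bytes carry the
    # IMPLICIT [0] tag 0xA0 instead.
    return hashlib.sha256(tlv(0x31, signed_attrs(content))).digest()
```

A verifier that only hashes the content and checks the signature against that hash rejects an indirect signature, because the signed value covers the attribute set, which in turn carries the content hash in messageDigest.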