Problem importing DEKART Certificate
Werner Koch
wk@gnupg.org
Thu May 15 15:50:02 2003
On Tue, 13 May 2003 16:03:46 +0300, max said:
> gpgsm: unknown hash algorithm `1.3.14.3.2.13'
That is the old and flawed SHA (SHA-0) algorithm. Peter Gutmann has to
write this on it:
Oddball OIW OID. Incorrectly used by JDK 1.1 in place of (1 3 14 3
2 27) Their response was that they know it's wrong, but noone uses
SHA0 so it won't cause any problems, right?
> I tried to find something like this in source files of Agypten project, but
> hopeless.
You need to look into libgcrypt (cipher/md.c) and libksba. There are
tables for mapping the OIDs. Map that one to SHA-1. I won't put such
bogus mapping into libgcrypt, though.
I would not trust such CA as they have obviously never checked what
they are really doing. Sadly this is true for a majority of CAs :-(
Salam-Shalom,
Werner
--
Nonviolence is the greatest force at the disposal of
mankind. It is mightier than the mightiest weapon of
destruction devised by the ingenuity of man. -Gandhi