Bug in gpg-agent? [fwd: Re: OpenPGP card and signing]

Michael Bienia michael at vorlon.ping.de
Mon Mar 20 20:25:22 CET 2006


Hello,

can a developer comment on this?

Short summary:
We want to use an OpenPGP card for signing. When using gpg with
gpg-agent only SHA1 as hash algorithm generates a valid signature. gpg
without gpg-agent generates for both RIPEMD160 and SHA1 valid
signatures.

As a we also want use the OpenPGP card for ssh authentication we are
reliant on the use of gpg-agent.

Thanks,
Michael

----- Forwarded message from Daniel Hess <daniel-gnupg-users at rio-grande.ping.de> -----

Date: Wed, 15 Mar 2006 18:10:28 +0100
Subject: Re: OpenPGP card and signing
From: Daniel Hess <daniel-gnupg-users at rio-grande.ping.de>
To: gnupg-users at gnupg.org

Hello,

as my last mail did not get through, here is a new one (maybe the
list-moderators could drop the old one).

On Tue, Mar 14, 2006 at 11:42:52PM +0100, Michael Bienia wrote:
> On 2006-03-14 08:23:58 +0100, Remco Post wrote:
> > Michael Bienia wrote:
> > > does signing with the OpenPGP card only work with SHA1 as digest-algo?
> > > 
> > > With SHA1 and RIPEMD160 gpg asks for the PIN but only SHA1 generates a
> > > working signature. Trying RIPEMD160 I get:
> > > | gpg: checking created signature failed: bad signature
> > > | gpg: signing failed: bad signature
> > > | gpg: signing failed: bad signature
> > > 
> > 
> > From the basiccard website I read that it only supports sha-1, so this
> > might be true. I noticed the same just recently.

The "OpenPGP Card 1.1" specification mentions that ripemd as digest
(page 35).

> A friend who uses his OpenPGP card with enigmail under windows can
> successfully create a RIPEMD160 signature.
> I could also create one if I use gpg with pcscd.

I could do even without pcscd.

> Can someone explain me, why it works if I use gpg with pcscd and not if
> I use gpg alone?

What Michael has not mentioned was, that he (as well as i) do use
gpg-agent.

Using the agent enables openssh to use the key for public-key auth.

When using the --use-agent switch (with gpg), the agent will communicate
to the openpgp card using scdaemon.

To sign a message gpg will send an PKSIGN command along with the Data to
sign (e.g. the fingerprint of an message). What is missing is the
information about which digest (e.g. sha1 or ripemd160) has been used to
create the fingerprint that should be signed by scdaemon. In
scd/command.c PKSIGN gets mapped to the function cmd_pksig which sets
sha1 as digest when calling app_sign. As this information gets part of
the pgp block which contains the signed data a sha1 signature with the
ripemd160 hash is created. This obviously ends in a bad signature.

Altering the call to app_sign by replacing GCRY_MD_SHA1 with
GCRY_MD_RMD160 enables gpg to create valid ripemd160 signatures, but
also make it impossible to create sha1 signatures.

Maybe gpg and gpg-agent could get altered to pass the digest along with
the call to PKSIGN?

This would be a real improvement :)

Hope that one of the gnupg developers can say something about this.

TIA

Daniel

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


----- End forwarded message -----



More information about the Gnupg-devel mailing list