SHA2 in OpenPGP cards?

Werner Koch wk at
Wed Sep 30 16:00:46 CEST 2009

On Wed, 30 Sep 2009 14:19, simon at said:

> PKCS#1 struct too?  Does the smartcard validate the PKCS#1 data in any
> way before signing it?  I'm thinking also of the ad-hoc MD5/SHA1 data
> used by TLS, it doesn't follow PKCS#1 format.

With the old cards the use of MD5/SHA1 was only possible with the
authentication key but not with the signature key.  The v2 new cards
uses the relaxed check also for the signature key:

   In compliance with PKSC #1, the card checks that the DigestInfo in
   the command data field is not longer than 40% of the length of the
   modulus of the signature key, otherwise the command is rejected.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-devel mailing list