SHA2 in OpenPGP cards?
Werner Koch
wk at gnupg.org
Wed Sep 30 16:00:46 CEST 2009
On Wed, 30 Sep 2009 14:19, simon at josefsson.org said:
> PKCS#1 struct too? Does the smartcard validate the PKCS#1 data in any
> way before signing it? I'm thinking also of the ad-hoc MD5/SHA1 data
> used by TLS, it doesn't follow PKCS#1 format.
With the old cards the use of MD5/SHA1 was only possible with the
authentication key but not with the signature key. The v2 new cards
uses the relaxed check also for the signature key:
In compliance with PKSC #1, the card checks that the DigestInfo in
the command data field is not longer than 40% of the length of the
modulus of the signature key, otherwise the command is rejected.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-devel
mailing list