gpgsm/smartcard/AES

Sven Plaga gpgsm at plaga.de
Mon Nov 25 14:55:05 CET 2013


Hi,
at my company we are using safesign smartcards for SMIME. Using this 
smartcard with gpgsm, I've noticed that it is not possible to decrypt 
AES encrypted E-Mails.

With the following patch, it is possible to decrypt the AES message:


--- original/gnupg2-2.0.19/sm/decrypt.c 2012-03-27 10:00:38.000000000 
+0200
+++ BugReport/gnupg2-2.0.19/sm/decrypt.c        2013-11-25 
14:40:34.760667458 +0100
@@ -73,7 +73,7 @@ prepare_decryption (ctrl_t ctrl, const c
      log_printhex ("pkcs1 encoded session key:", seskey, seskeylen);

    n=0;
-  if (seskeylen == 24)
+  if (1)
      {
        /* Smells like a 3-des key.  This might happen because a SC has
           already done the unpacking. */
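Review bot: `if (1)` at the changed line makes the "already unpacked" branch unconditional, so a session key of any length, including one that is still PKCS#1 encoded (the log line just above calls it "pkcs1 encoded session key"), is treated as a raw key and never reaches the other branch. Keep a length test and extend it instead, for example `if (seskeylen == 24 || seskeylen == 32)`. Also update the comment, which still says "Smells like a 3-des key" although the branch would now cover AES as well.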


As the AES key has a length of 32 bytes, a possible work-around would 
be the insertion of an additional if-check for seskeylen == 32 -- but I 
am not sure if there are possible collisions with non-unpacked (see [1]) 
keys.

Is there an easy way to check if the key is already unpacked?


Kind Regards

Sven Plaga

[1] 
https://github.com/matsuu/gnupg/commit/dc8f3ee42c4bd873ddce57098c23ca5dbd445fff
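
On the question of telling an already unpacked key from a PKCS#1-encoded one, an added example (not part of the original message and not GnuPG code): it decides by comparing the buffer length with the RSA modulus length instead of testing for one fixed key size, and validates the padding structure when the buffer is block-sized. `classify_seskey`, `sk_form` and the `modlen` parameter are hypothetical names, and it is an assumption that the caller knows the modulus length from the recipient certificate.

```c
#include <stddef.h>

enum sk_form { SK_INVALID = 0, SK_RAW, SK_PKCS1 };

/* Key sizes in question: AES-128, 3DES / AES-192, AES-256. */
static int is_cipher_keylen(size_t n) { return n == 16 || n == 24 || n == 32; }

/* Hypothetical helper, not a GnuPG function.  buf/len is what the private-key
   operation returned; modlen is the RSA modulus size in bytes (assumed to be
   known from the recipient certificate).  On success *off and *keylen locate
   the symmetric key inside buf. */
enum sk_form classify_seskey(const unsigned char *buf, size_t len,
                             size_t modlen, size_t *off, size_t *keylen)
{
    size_t n = 0, pad = 0;

    if (!buf || len < 16)                /* shorter than any supported key */
        return SK_INVALID;
    /* A PKCS#1 v1.5 type-2 block fills the modulus: 00 02 PS 00 KEY.  MPI
       encoding may have dropped the leading 00, leaving modlen - 1 bytes. */
    if (len == modlen || len + 1 == modlen) {
        if (len == modlen && buf[n++] != 0x00)
            return SK_INVALID;
        if (buf[n++] != 0x02)
            return SK_INVALID;
        for (; n < len && buf[n] != 0x00; n++)
            pad++;                       /* PS: non-zero random bytes */
        if (pad < 8 || n >= len)         /* short padding or no separator */
            return SK_INVALID;
        n++;                             /* skip the 00 separator */
        if (!is_cipher_keylen(len - n))
            return SK_INVALID;
        *off = n;
        *keylen = len - n;
        return SK_PKCS1;
    }
    /* Anything else can only be a key the card already unpacked.  It must be
       an exact cipher key size and at least 11 bytes shorter than the
       modulus, so it cannot also be a padded block. */
    if (is_cipher_keylen(len) && len + 11 <= modlen) {
        *off = 0;
        *keylen = len;
        return SK_RAW;
    }
    return SK_INVALID;
}
```

Because the length comparison runs first, a raw 32-byte key whose bytes happen to resemble `02 ... 00` is still classified as raw; the content check alone could not rule that collision out.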


