gpgsm/smartcard/AES
Sven Plaga
gpgsm at plaga.de
Mon Nov 25 14:55:05 CET 2013
Hi,
at my company we are using safesign smartcards for SMIME. Using this
smartcard with gpgsm, I've noticed that it is not possible to decrypt
AES encrypted E-Mails.
With the following patch, it is possible to decrypt the AES message:
--- original/gnupg2-2.0.19/sm/decrypt.c 2012-03-27 10:00:38.000000000
+0200
+++ BugReport/gnupg2-2.0.19/sm/decrypt.c 2013-11-25
14:40:34.760667458 +0100
@@ -73,7 +73,7 @@ prepare_decryption (ctrl_t ctrl, const c
log_printhex ("pkcs1 encoded session key:", seskey, seskeylen);
n=0;
- if (seskeylen == 24)
+ if (1)
{
/* Smells like a 3-des key. This might happen because a SC has
already done the unpacking. */
As the AES-key has a length of 32 bytes, a possible work-around would
be the insertion of an additional if-check for seskeylen == 32 -- But I
am not sure if there are possible collisions with non-unpacked (see [1])
keys.
Is there an easy way to check if the key is already unpacked?
Kind Regards
Sven Plaga
[1]
https://github.com/matsuu/gnupg/commit/dc8f3ee42c4bd873ddce57098c23ca5dbd445fff
More information about the Gnupg-devel
mailing list