Patches gpg-agent + scute for ssl/tls auth using opengpg card with 2048 rsa key
dgouttegattat at incenp.org
Tue Sep 2 14:17:40 CEST 2014
> The two patches below against gpg-agent (gnupg2-2.0.26) and
> scute-1.4.0 allow ssl/tls auth using an OpenPGP card with 2048
> rsa key.

First of all, your patches work for me and I thank you for that, I was
struggling to make Scute work with a recent Firefox.

But, are you sure this has anything to do with the size of the RSA key?
It seems that the problem you are addressing is rather caused by a
change between TLS 1.1 (or less) and TLS 1.2.

Indeed, disabling TLS 1.2 in Firefox (by setting the variable
security.tls.version.max to "2" instead of "3" in about:config) is
enough to make Scute work for me, even with a 2048-bit RSA key and even
without your patches.

According to a bug report in Mozilla’s NSS library, the change
introduced by TLS 1.2 is that the data to be signed is no longer a
"MD5+SHA1 hash" (36 bytes, which is the length expected by GPG-Agent),
but is instead an ASN.1 structure representing a DigestInfo object (35
or 51 bytes total, depending on the hash used).
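
The length difference described in the message above, as an added example that is not part of the original post and is not code from gpg-agent or Scute: a C routine that tells the 36-byte MD5+SHA1 input apart from the 35-byte (SHA-1) and 51-byte (SHA-256) DigestInfo encodings. The function and enum names are hypothetical; the DER prefixes are the standard PKCS #1 ones from RFC 3447, section 9.2.

```c
#include <stdio.h>
#include <string.h>

/* Kinds of data a token may be asked to sign for TLS client auth.
   Names are hypothetical, chosen for this example. */
enum sign_input { IN_UNKNOWN, IN_TLS_MD5SHA1, IN_DI_SHA1, IN_DI_SHA256 };

/* DER DigestInfo prefixes (RFC 3447, section 9.2); the digest follows. */
static const unsigned char DI_SHA1[15] = {
  0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14 };
static const unsigned char DI_SHA256[19] = {
  0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
  0x05,0x00,0x04,0x20 };

/* Classify the buffer; on success *hash / *hlen describe the bare digest. */
enum sign_input classify_sign_input(const unsigned char *d, size_t n,
                                    const unsigned char **hash, size_t *hlen)
{
  *hash = NULL; *hlen = 0;
  if (n == sizeof DI_SHA1 + 20 && !memcmp(d, DI_SHA1, sizeof DI_SHA1)) {
    *hash = d + sizeof DI_SHA1; *hlen = 20;
    return IN_DI_SHA1;                      /* 35 bytes: TLS 1.2 */
  }
  if (n == sizeof DI_SHA256 + 32 && !memcmp(d, DI_SHA256, sizeof DI_SHA256)) {
    *hash = d + sizeof DI_SHA256; *hlen = 32;
    return IN_DI_SHA256;                    /* 51 bytes: TLS 1.2 */
  }
  if (n == 36) {                            /* MD5 (16) + SHA-1 (20), no ASN.1 */
    *hash = d; *hlen = 36;
    return IN_TLS_MD5SHA1;                  /* TLS 1.1 or earlier */
  }
  return IN_UNKNOWN;                        /* reject rather than guess */
}

int main(void)
{
  unsigned char buf[51];                    /* constructed sample input */
  const unsigned char *h; size_t hl;
  memcpy(buf, DI_SHA256, sizeof DI_SHA256);
  memset(buf + sizeof DI_SHA256, 0xAB, 32); /* dummy digest bytes */
  enum sign_input kind = classify_sign_input(buf, sizeof buf, &h, &hl);
  printf("kind=%d digest_len=%zu\n", (int)kind, hl);
  return 0;
}
```

A signer that only accepts the 36-byte form will reject both DigestInfo lengths, which matches the failure seen once TLS 1.2 is negotiated.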