Patches gpg-agent + scute for ssl/tls auth using opengpg card with 2048 rsa key
wk at gnupg.org
Fri Sep 12 13:36:37 CEST 2014
On Tue, 2 Sep 2014 14:17, dgouttegattat at incenp.org said:
> According to a bug report in Mozilla’s NSS library , the change
> introduced by TLS 1.2 is that the data to be signed is no longer a
> "MD5+SHA1 hash" (36 bytes, which is the length expected by GPG-Agent),
> but is instead an ASN.1 structure representing a DigestInfo object (35
> or 51 bytes total, depending on the hash used).
In this case only Scute needs to be changed. gpg-agent's SETHASH
expects the raw hash and information on the hash algorithm.
The reason why it works anyway with that patch is that some lower level
parts of gpg-agemt/scdaemon have less restrictions than SETHASH and
remove known ASN.1 prefixes from the hash.
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel