Patches gpg-agent + scute for ssl/tls auth using opengpg card with 2048 rsa key
Oliver Winker
oliverml1 at oli1170.net
Fri Sep 12 21:07:48 CEST 2014
Hi Werner,
Just made a test using a scute-1.4.0 with your patch applied and an unpatched
gnupg2-2.0.26, but it didn't work:
Iceweasel:
---
A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested
function could not be performed. Trying the same operation again might
succeed.
---
Also still tried then with my patched gnupg2-2.0.26, but same result. Probably
it fails somewhere inside scute.
Unfortunately probably I'll won't have so much time during this weekend, but I
could try to trace it during next week. Last time I used the SCUTE_DEBUG
facility and via stracing iceweasel, gpg-agent and scdaemon one could get
already some view on the messaging.
Best Regards, Oliver
On Friday 12 September 2014 15:50:17 Werner Koch wrote:
> On Sun, 31 Aug 2014 12:04, oliverml1 at oli1170.net said:
> > I prefer to leave the tuning of the details to the specialists ;).
>
> Well, I coded something up but did not test it. Can you please apply
> the attached patch to Scute and try it? No need for any GnuPG patches.
>
>
> Salam-Shalom,
>
> Werner
>
> >From a797aae1476601cdde7152174c02c5cc4447bcc5 Mon Sep 17 00:00:00 2001
>
> From: Werner Koch <wk at gnupg.org>
> Date: Fri, 12 Sep 2014 15:46:41 +0200
> Subject: [PATCH] Allow signing with other algorithms than MD5+SHA1.
>
> * src/support.h (STR, STR2): NEw.
> * src/agent.c (sha1_prefix, sha224_prefix, sha256_prefix)
> (sha384_prefix, sha512_prefix): New.
> (scute_agent_sign): Increase MAX_DATA_LEN to 64. Determine hash
> algorithm by checking the ASN.1 prefixes.
> ---
More information about the Gnupg-devel
mailing list