gpgsm --import of CA certificate: Bad signature?

Simon Josefsson simon at
Wed Apr 18 14:11:38 CEST 2007

Werner Koch <wk at> writes:

>> Although it may be argued that RFC 4055 only applies to RSA-PSS,
>> although this particular section is not clear that it only applies to
> The problem is that allowing for different encodings will require a
> complete DER (or well for some old specs even BER) parser in libgcrypt.
> Not long ago most crypto libraries showed implementation flaws in that -
> libgcrypt didn't suffer from this due to its poor man's and simple approach
> to check the RSA signature.  Given that the code in gpgsm/libgcrypt has
> passed several compatibility tests I doubt that it is a good idea to
> change it now and open the way to introduce new bugs.

It is possible to avoid a DER/BER decoder if you generate two
structures, one with NULL parameters and one with absent parameters,
and compare both against what's in the decrypted signatures.

>> I should probably change GnuTLS here.
> I'd appreciate that.  If it later turns out that too many gnutls created
> certificates are in use we might consider adding a hack to gpgsm just
> for the SHA-1 case.

GnuTLS accepts both variants, so I made the change.  I'll release an
updated stable version to help get it out as soon as possible.
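The two-candidate check described above (build the DigestInfo once with NULL parameters and once with them absent, then compare the whole PKCS#1 v1.5 encoded message against each) as an added illustration; this is example code, not gpgsm's, libgcrypt's or GnuTLS's, and the OID table, the fixed 128-byte encoded-message length and the "hello" test input are constructed assumptions. It generalises the thread's SHA-1 case to SHA-256 via the same builder.

```python
"""Verify an RSA PKCS#1 v1.5 encoded message (EM) without a DER/BER parser."""
import hashlib
import hmac

# Constructed table: the SHA-1 case from the thread plus SHA-256 for generality.
HASH_OIDS = {"sha1": "1.3.14.3.2.26", "sha256": "2.16.840.1.101.3.4.2.1"}

def _der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder; every length used here is below 128 bytes."""
    if len(body) >= 128:
        raise ValueError("short-form length only")
    return bytes([tag, len(body)]) + body

def _oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, (arc & 0x7F) | 0x80)
            arc >>= 7
        out += bytes(chunk)
    return _der(0x06, bytes(out))

def digest_info(hash_name: str, digest: bytes, null_params: bool) -> bytes:
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING digest }."""
    alg = _oid(HASH_OIDS[hash_name]) + (b"\x05\x00" if null_params else b"")
    return _der(0x30, _der(0x30, alg) + _der(0x04, digest))

def emsa_pkcs1_v15(t: bytes, em_len: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (at least eight 0xFF) || 0x00 || T."""
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def encode_message(message: bytes, hash_name: str, null_params: bool, em_len: int) -> bytes:
    """Signer side: hash the message and build the full EM for one DigestInfo variant."""
    digest = hashlib.new(hash_name, message).digest()
    return emsa_pkcs1_v15(digest_info(hash_name, digest, null_params), em_len)

def verify_em(em: bytes, message: bytes, hash_name: str) -> bool:
    """Accept EM only if it equals, byte for byte, one of the two expected encodings."""
    try:
        return any(hmac.compare_digest(em, encode_message(message, hash_name, n, len(em)))
                   for n in (True, False))
    except ValueError:  # EM too short to hold padding and DigestInfo
        return False
```

Because the verifier compares the complete EM rather than parsing padding or DER from the signature, nothing in the signature is ever interpreted; the only inputs it parses are its own constants.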

