gpgsm --import of CA certificate: Bad signature?
Werner Koch
wk at gnupg.org
Wed Apr 18 15:11:41 CEST 2007
On Wed, 18 Apr 2007 14:11, simon at josefsson.org said:
> It is possible to avoid a DER/BER decoder if you generate two
> structures, one with NULL parameters and one with absent parameters,
> and compare both against what's in the decrypted signatures.
There is a plan tomove pkcs#1 decoding into libgcrypt. This would allow
us to do a second compare without too much changes. I'll put it onto my
todo list but don't expect it to happen anytime soon.
> GnuTLS accepts both variants, so I made the change. I'll release an
> updated stable version to help get it out as soon as possible.
Would it be sufficient to do that just for SHA-1? In that case a hack
in cipher/rsa.c would do the trick without too much fear of regression.
Salam-Shalom,
Werner
More information about the Gnupg-users
mailing list