gpgsm --import of CA certificate: Bad signature?

Simon Josefsson simon at
Wed Apr 18 17:34:30 CEST 2007

Werner Koch <wk at> writes:

> On Wed, 18 Apr 2007 14:11, simon at said:
>> It is possible to avoid a DER/BER decoder if you generate two
>> structures, one with NULL parameters and one with absent parameters,
>> and compare both against what's in the decrypted signatures.
> There is a plan tomove pkcs#1 decoding into libgcrypt.  This would allow
> us to do a second compare without too much changes.  I'll put it onto my
> todo list but don't expect it to happen anytime soon.

Doing PKCS#1 in libgcrypt would be useful for GnuTLS too.  I'd like to
remove that code in the long run... OTOH, it seems likely that GnuTLS
will use some assuan-like protocol and an agent to do private key
signing operations, so maybe this concern will be moot.

>> GnuTLS accepts both variants, so I made the change.  I'll release an
>> updated stable version to help get it out as soon as possible.
> Would it be sufficient to do that just for SHA-1?  In that case a hack
> in cipher/rsa.c would do the trick without too much fear of regression.

I don't know.  If you do it for SHA-1, that will cover many practical
situations and that may be enough.


More information about the Gnupg-users mailing list