gpgsm and multiple messages

Werner Koch wk at
Mon Mar 12 13:57:38 CET 2007


I have been asked how the multiple messages problem, published last
week, relates to gpgsm and thus S/MIME messages.

Well, there is no problem because S/MIME is based on CMS (formerly
known as pkcs#7) and CMS is different from OpenPGP concerning the
structure of its messages:

* CMS is not packet based but a large binary block completely defined
  by an ASN.1 specification.  Prefixing this data with another CMS
  message won't give a valid CMS message and more important, gpgsm
  will only process the first of these messages.

* gpgsm needs to be called explicitly for decryption and verification
  so that the caller needs to take care of passing the decrypted
  message a second time to gpgsm for signature verification.

* gpgsm uses an explicit state machine for processing of CMS data and
  there is no way to restart this machine to process a second message.



More information about the Gnupg-users mailing list