gpgsm and multiple messages
wk at gnupg.org
Mon Mar 12 13:57:38 CET 2007

I have been asked how the multiple messages problem, published last
week, relates to gpgsm and thus S/MIME messages.

Well, there is no problem because S/MIME is based on CMS (formerly
known as pkcs#7) and CMS is different from OpenPGP concerning the
structure of its messages:

 * CMS is not packet based but a large binary block completely defined
   by an ASN.1 specification. Prefixing this data with another CMS
   message won't give a valid CMS message and more important, gpgsm
   will only process the first of these messages.

 * gpgsm needs to be called explicitly for decryption and verification
   so that the caller needs to take care of passing the decrypted
   message a second time to gpgsm for signature verification.

 * gpgsm uses an explicit state machine for processing of CMS data and
   there is no way to restart this machine to process a second message.
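The point about CMS being one ASN.1 block can be checked by hand: the outer SEQUENCE length of the first ContentInfo fixes where the message ends, so anything after it is visibly trailing data. The following is an added example, not part of the original post and not gpgsm's code; the function names and the sample bytes are constructed for illustration, and it assumes definite-length (DER) encoding.

```python
CMS_TYPES = {  # content-type OIDs defined for CMS in RFC 5652
    "1.2.840.113549.1.7.1": "data",
    "1.2.840.113549.1.7.2": "signedData",
    "1.2.840.113549.1.7.3": "envelopedData",
}

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the definite-length TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    elif first == 0x80:                   # BER indefinite length
        raise ValueError("indefinite length is not handled here")
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV length runs past end of input")
    return tag, pos, pos + length

def decode_oid(value):
    """Decode the value bytes of an OBJECT IDENTIFIER to dotted form."""
    subs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                  # high bit clear ends a sub-identifier
            subs.append(acc)
            acc = 0
    if not subs:
        raise ValueError("empty OID")
    first = min(subs[0] // 40, 2)         # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def first_cms_message(blob):
    """Return (content_type, end_offset, trailing_bytes) for the first ContentInfo."""
    tag, start, end = read_tlv(blob)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE, so not a CMS ContentInfo")
    oid_tag, o_start, o_end = read_tlv(blob[:end], start)
    if oid_tag != 0x06:
        raise ValueError("ContentInfo does not start with a contentType OID")
    oid = decode_oid(blob[o_start:o_end])
    return CMS_TYPES.get(oid, oid), end, len(blob) - end

# Constructed sample: ContentInfo { id-data, [0] EXPLICIT OCTET STRING "hi" }
SAMPLE = bytes.fromhex("3011" "06092a864886f70d010701" "a004" "04026869")
```

A caller that wants to reject concatenated input can treat a non-zero third value as an error before handing the data to any CMS tool.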