GPGSM detached signature without auth attributes

Jernej Kos jernej at kos.mx
Sun Nov 20 20:47:25 CET 2016


Hello!

I would like to use GPGSM to sign a Linux kernel module with a private
key stored on an OpenPGP smartcard.

The original signing tool uses OpenSSL to sign the kernel module using a
detached CMS signature. The kernel requires that the CMS does not
contain any authenticated attributes and it refuses to validate the
signature otherwise [1].

In the original signing tool [2] the CMS_add1_signer call uses the
CMS_NOATTR and CMS_NOSMIMECAP flags (the same can be achieved by using
the -noattr flag of the openssl command-line utility).

Is there anything like this available in GPGSM? I've looked at the
source code of both GPGSM and libksba and it looks like there is
currently no easy way to omit these attributes from CMS with GPGSM?

Thanks!

[1] - https://lkml.org/lkml/2015/8/5/469
[2] - https://github.com/torvalds/linux/blob/master/scripts/sign-file.c#L311


Jernej
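
A structural check for the attribute-free CMS form the message describes, as an added example that is not part of the original post and is not code from GnuPG, OpenSSL or the kernel: it walks a DER-encoded SignedData and reports which SignerInfos carry signedAttrs (the authenticated attributes). All function names and the sample structures are constructed for illustration; it assumes well-formed DER and verifies no signature.

```python
# Added example: structural DER walk only; sample data below is constructed.
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")   # OID 1.2.840.113549.1.7.2
ID_DATA = bytes.fromhex("2a864886f70d010701")       # OID 1.2.840.113549.1.7.1
SHA256 = bytes.fromhex("608648016503040201")        # OID 2.16.840.1.101.3.4.2.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def signers_with_signed_attrs(cms_der):
    """Indexes of SignerInfos that carry signedAttrs ([0] IMPLICIT, tag 0xA0)."""
    top = children(read_tlv(cms_der, 0)[1])          # contentType, [0] content
    if len(top) != 2 or top[0] != (0x06, SIGNED_DATA) or top[1][0] != 0xA0:
        raise ValueError("not a CMS SignedData ContentInfo")
    signed_data = children(children(top[1][1])[0][1])
    if signed_data[-1][0] != 0x31:                   # signerInfos is the last field
        raise ValueError("signerInfos SET not found")
    # SignerInfo: version, sid, digestAlgorithm, [signedAttrs], sigAlg, signature
    return [i for i, (_, si) in enumerate(children(signed_data[-1][1]))
            if len(children(si)) > 3 and children(si)[3][0] == 0xA0]

def der(tag, *parts):
    """Encode one DER element (only used to build the constructed samples)."""
    body = b"".join(parts)
    n = len(body)
    hdr = bytes([n]) if n < 0x80 else bytes([0x81, n])   # samples stay < 256 bytes
    return bytes([tag]) + hdr + body

def sample_cms(with_attrs):
    """Constructed skeleton: dummy issuer, serial, attribute and signature bytes."""
    alg = der(0x30, der(0x06, SHA256))
    attrs = [der(0xA0, der(0x30, der(0x06, ID_DATA), der(0x31)))] if with_attrs else []
    signer = der(0x30, der(0x02, b"\x01"), der(0x30, der(0x30), der(0x02, b"\x01")),
                 alg, *attrs, alg, der(0x04, bytes(64)))
    body = der(0x30, der(0x02, b"\x01"), der(0x31, alg), der(0x30, der(0x06, ID_DATA)), der(0x31, signer))
    return der(0x30, der(0x06, SIGNED_DATA), der(0xA0, body))
```

An empty list from `signers_with_signed_attrs()` on the raw DER bytes of a detached signature means no SignerInfo carries authenticated attributes.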
