GPGSM detached signature without auth attributes

Jernej Kos jernej at kos.mx
Tue Nov 22 11:08:50 CET 2016


Hello!

On 22. 11. 2016 08:06, Werner Koch wrote:
> That is unfortunate because all modern implementations use the
> indirect signing method (using the attribute 1.2.840.113549.1.9.4).
> GPGSM is able to verify the old direct signing method but it can't
> create such an old signature.

This explains why my quick hack with just removing the signed attributes
didn't work (I could remove everything but the messageDigest). The
indirect method uses the messageDigest that is part of the signed
attributes, right? I've also looked into how OpenSSL does it and noticed
that the signing part is done differently when the CMS_NOATTR flag is
passed.

I've quickly looked at the CMS RFCs, but they seem quite heavy. I would
be grateful for any quick pointers you might have.

> Instead of doing that I would suggest to extend Linux and implement
> verification of the indirect signature.  An update to gpgsm would then
> be simple by adding an option to not emit any of the other signed
> attributes,

Yes, that would probably be the best option and I am not sure why they
didn't do it this way. I also don't like that the default way to sign
things in the Linux kernel assumes that the private key is available in
a local file, as this is way less secure than storing it in a HSM. Had
they used gpgsm from the start, they would also find the need to support
indirect signatures.

Unfortunately I need this in a current system, so I might just look
around libksba when I find some more time.

Thanks for making things more clear!


Jernej

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20161122/de40da95/attachment.sig>


More information about the Gnupg-users mailing list