gpgsm unable to extract signers from a valid (?) signature

Werner Koch wk at gnupg.org
Wed Oct 2 09:19:04 CEST 2024


Hi!

On Tue,  1 Oct 2024 17:40, Albrecht Dreß said:

> and Thunderbird is also able to verify the massage and to display the
> signature info.

Running it with --audit-log FILE puts this info into FILE:

* Data verification succeeded:         No
*   Data available:         Yes
*   Signature available:         No
*   Included certificates:         5
*     (#00BB401C43F55E4FB0/CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH)
*       (/CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH)
*     (#00B30511B116B4A056511D7C681F877D/CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH)
*       (/CN=SwissSign RSA SMIME Root CA 2022 - 1,O=SwissSign AG,C=CH)
*     (#796C0FD9724F3291C0083A1A6DEEC2670EB6DCA0/CN=SwissSign RSA SMIME Root CA 2022 - 1,O=SwissSign AG,C=CH)
*       (/CN=SwissSign RSA SMIME NCP ICA 2022 - 1,O=SwissSign AG,C=CH)
*     (#02DC760C692BF5E017F7DCDD4857FF674B7AA436/CN=SwissSign RSA SMIME NCP ICA 2022 - 1,O=SwissSign AG,C=CH)
*       (/CN=pseudo Kundenservice e regio,1.2.840.113549.1.9.1=#6B756E64656E7365727669636540652D726567696F2E6465,2.5.4.97=#4E545244452D444552333230312E48524135383834,O=e-regio GmbH & Co. KG,L=Euskirchen,ST=NW,C=DE)
*       (/<kundenservice at e-regio.de>)
*     (#02DC760C692BF5E017F7DCDD4857FF674B7AA436/CN=SwissSign RSA SMIME NCP ICA 2022 - 1,O=SwissSign AG,C=CH)
*       (/CN=pseudo Kundenservice e regio,1.2.840.113549.1.9.1=#6B756E64656E7365727669636540652D726567696F2E6465,2.5.4.97=#4E545244452D444552333230312E48524135383834,O=e-regio GmbH & Co. KG,L=Euskirchen,ST=NW,C=DE)
*       (/<kundenservice at e-regio.de>)

Thus libksba does not see the actual signature but only the
certificates.  The data is handled as a kind of certs-only message but
that's of course wrong.  I'll get back to you as soon as I have had a
closer look at it.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20241002/7e8bf4ab/attachment.sig>


More information about the Gnupg-users mailing list