On Wed, 28 Feb 2018 18:57, andr...@andrewg.com said:
> Is there any support for using gpgsm as a certificate authority?
There is some basic support to create certificates:
The format of the parameter file is described in the manual under
"Unattended Usage".
[...]
This parameter
d.
https://github.com/jymigeon/gpgsm-as-ca
It is still a bit rough, I expect to expand it a bit in a few days.
All certificates I issue through this method work with the openssl
stacks we have around, so it is working from my PoV.
Did not investigate how to handle the CRL part though, and
Hi, all.
Is there any support for using gpgsm as a certificate authority?
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
Werner Koch [EMAIL PROTECTED] writes:
Thus we have an extra NULL and that is the reason that it does not
verify. I am too tired to read pkcs#1 know; will do that tomorrow.
Anyway it is the first case that I noticed such a pkcs#1 encoding.
Ah, I see. Whether the parameters should be NULL or
On Wed, 18 Apr 2007 11:39, [EMAIL PROTECTED] said:
RFC 3279 is updated by RFC 4055 which says in section 2.1 (in
particular the second paragraph):
Which is actually Peter's text but with a different suggestion.
Although it may be argued that RFC 4055 only applies to RSA-PSS,
although this
Werner Koch [EMAIL PROTECTED] writes:
Although it may be argued that RFC 4055 only applies to RSA-PSS,
although this particular section is not clear that it only applies to
RSA-PSS.
The problem is that allowing for different encodings will require a
complete DER (or well for some old specs
On Wed, 18 Apr 2007 14:11, [EMAIL PROTECTED] said:
It is possible to avoid a DER/BER decoder if you generate two
structures, one with NULL parameters and one with absent parameters,
and compare both against what's in the decrypted signatures.
There is a plan tomove pkcs#1 decoding into
Werner Koch [EMAIL PROTECTED] writes:
On Wed, 18 Apr 2007 14:11, [EMAIL PROTECTED] said:
It is possible to avoid a DER/BER decoder if you generate two
structures, one with NULL parameters and one with absent parameters,
and compare both against what's in the decrypted signatures.
There is
On Tue, 17 Apr 2007 20:14, [EMAIL PROTECTED] said:
As far as I can tell, there is nothing wrong with this certificate.
Ideas?
If you look at the pkcs#1 encoding, you get:
Your certificate:
0 30 31: SEQUENCE {
2 307: SEQUENCE {
4 065: OBJECT IDENTIFIER sha1 (1 3 14 3