On Tue, 17 Apr 2007 20:14, [EMAIL PROTECTED] said: > As far as I can tell, there is nothing wrong with this certificate. > Ideas?
If you look at the pkcs#1 encoding, you get: Your certificate: 0 30 31: SEQUENCE { 2 30 7: SEQUENCE { 4 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) : } 11 04 20: OCTET STRING : 2D E8 78 BE 21 E4 F4 3F FE 26 9F F3 20 20 9C BC : D3 CE E6 23 : } gpgsm constructs this pkcs#1 to compare it against yours: 0 30 33: SEQUENCE { 2 30 9: SEQUENCE { 4 06 5: OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) 11 05 0: NULL : } 13 04 20: OCTET STRING : 2D E8 78 BE 21 E4 F4 3F FE 26 9F F3 20 20 9C BC : D3 CE E6 23 : } Thus we have an extra NULL and that is the reason that it does not verify. I am too tired to read pkcs#1 know; will do that tomorrow. Anyway it is the first case that I noticed such a pkcs#1 encoding. > I don't know if it is relevant, but the list of 'Supported algorithms' > seems rather short: Well there is no routine yet to print them. It would actually be a long list given all the OIDs you may use to tell taht it is RSA or SHA1 or whatever. Salam-Shalom, Werner _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users