Werner Koch <[EMAIL PROTECTED]> writes:

>> Although it may be argued that RFC 4055 only applies to RSA-PSS,
>> although this particular section is not clear that it only applies to
>> RSA-PSS.
>
> The problem is that allowing for different encodings will require a
> complete DER (or well for some old specs even BER) parser in libgcrypt.
> Not long ago most crypto libraries showed implementation flaws in that -
> libgcrypt didn't suffer from this due to its poor man's and simple approach
> to check the RSA signature. Given that the code in gpgsm/libgcrypt has
> passed several compatibility tests I doubt that it is a good idea to
> change it now and open the way to introduce new bugs.
It is possible to avoid a DER/BER decoder if you generate two structures,
one with NULL parameters and one with absent parameters, and compare both
against what's in the decrypted signatures.

>> I should probably change GnuTLS here.
>
> I'd appreciate that. If it later turns out that too many gnutls-created
> certificates are in use we might consider adding a hack to gpgsm just
> for the SHA-1 case.

GnuTLS accepts both variants, so I made the change. I'll release an
updated stable version to help get it out as soon as possible.

/Simon

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
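The "two candidate encodings, no ASN.1 parser" verification that Simon describes, written out as an added example. This is not GnuTLS or libgcrypt code; it is a stand-alone illustration that assumes a toy RSA key built from two Mersenne primes (so it runs offline with only the Python standard library), the SHA-1 DigestInfo encoding with NULL parameters as given in RFC 3447 section 9.2 alongside the same structure with the parameters field absent, and a constructed sample message. The lenient verifier at the end is included only for contrast, to show what a parser that stops checking after the DigestInfo would accept; it is not a claim about any particular library.

```python
import hashlib
import hmac

# --- Toy RSA key (constructed for this example; never use in practice) ---
# Two Mersenne primes give a 1128-bit modulus without a prime generator or
# a crypto library. gcd(65537, phi) = 1 because 32 divides neither 520 nor 606.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in octets (141)

# DER-encoded DigestInfo prefixes for SHA-1; the 20-byte hash follows them.
# AlgorithmIdentifier.parameters = NULL, as listed in RFC 3447 section 9.2:
SHA1_DIGESTINFO_NULL = bytes.fromhex("3021300906052b0e03021a05000414")
# The same DigestInfo with the parameters field absent:
SHA1_DIGESTINFO_ABSENT = bytes.fromhex("301f300706052b0e03021a0414")


def emsa_pkcs1_v15(t: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || T, exactly k octets."""
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_public(sig: bytes) -> bytes:
    """Recover EM = sig^e mod n as a k-octet string, rejecting bad lengths."""
    if len(sig) != K:
        raise ValueError("signature length does not match modulus")
    s = int.from_bytes(sig, "big")
    if s >= N:
        raise ValueError("signature representative out of range")
    return pow(s, E, N).to_bytes(K, "big")


def sign_sha1(msg: bytes, digest_info: bytes = SHA1_DIGESTINFO_NULL) -> bytes:
    """Produce a well-formed signature with either DigestInfo variant."""
    em = emsa_pkcs1_v15(digest_info + hashlib.sha1(msg).digest(), K)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def verify_sha1_strict(msg: bytes, sig: bytes) -> bool:
    """Build both acceptable EMs and compare the whole decrypted block
    against each; no DER/BER decoding of the signature contents at all."""
    try:
        em = rsa_public(sig)
    except ValueError:
        return False
    h = hashlib.sha1(msg).digest()
    expected = (
        emsa_pkcs1_v15(SHA1_DIGESTINFO_NULL + h, K),
        emsa_pkcs1_v15(SHA1_DIGESTINFO_ABSENT + h, K),
    )
    # Constant-time compare against each full candidate; accept if either matches.
    return any(hmac.compare_digest(em, c) for c in expected)


def verify_sha1_lenient(msg: bytes, sig: bytes) -> bool:
    """For contrast: walk the padding, then check only that the DigestInfo
    *starts* where expected, ignoring whatever follows it."""
    try:
        em = rsa_public(sig)
    except ValueError:
        return False
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    h = hashlib.sha1(msg).digest()
    return em[i + 1:].startswith(SHA1_DIGESTINFO_NULL + h)


def malformed_signature(msg: bytes) -> bytes:
    """A block with minimal padding and trailing bytes after the hash (constructed).
    Produced with the private key purely to obtain a test vector; the point is
    that its EM is not one of the two well-formed encodings."""
    t = SHA1_DIGESTINFO_NULL + hashlib.sha1(msg).digest()
    em = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    em += b"\x00" * (K - len(em))       # filler after the DigestInfo
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


if __name__ == "__main__":
    msg = b"certificate-to-be-signed (constructed sample)"
    good_null = sign_sha1(msg)
    good_absent = sign_sha1(msg, SHA1_DIGESTINFO_ABSENT)
    bad = malformed_signature(msg)
    print("strict, NULL params:     ", verify_sha1_strict(msg, good_null))
    print("strict, absent params:   ", verify_sha1_strict(msg, good_absent))
    print("strict, malformed block: ", verify_sha1_strict(msg, bad))
    print("lenient, malformed block:", verify_sha1_lenient(msg, bad))
```

The strict verifier costs one extra fixed-size comparison per accepted encoding and needs no length-prefix arithmetic on attacker-controlled bytes, which is why it tolerates the NULL/absent ambiguity without taking on a DER parser. Any other tolerated variant (a different hash, a different parameters encoding) is added as one more fully built candidate, never as a looser match.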