On Wed, 18 Apr 2007 14:11, [EMAIL PROTECTED] said: > It is possible to avoid a DER/BER decoder if you generate two > structures, one with NULL parameters and one with absent parameters, > and compare both against what's in the decrypted signatures.
There is a plan tomove pkcs#1 decoding into libgcrypt. This would allow us to do a second compare without too much changes. I'll put it onto my todo list but don't expect it to happen anytime soon. > GnuTLS accepts both variants, so I made the change. I'll release an > updated stable version to help get it out as soon as possible. Would it be sufficient to do that just for SHA-1? In that case a hack in cipher/rsa.c would do the trick without too much fear of regression. Salam-Shalom, Werner _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users