Hi all,

I stumbled over a S/MIME signed message where gpgsm seems to be unable to extract the signers and to verify the signature. Using the attached signature blob and a dummy “message” part, gpgsm says just
<snip>
$ gpgsm --debug-level basic --verify SIG.bin dummy.txt
gpgsm: enabled debug flags: ipc
gpgsm: enabled compatibility flags:
gpgsm: detached signature
secmem usage: 0/16384 bytes in 0 blocks
</snip>
instead of printing the signer's data (date, key id). Higher debug levels
don't provide more insight (to me, at least). The command does import the
certificates into the key ring, though (try “gpgsm --list-chain 0x3F239410”).
The effect is not reproducible with other RSA+SHA256 signatures.
OTOH, certtool *does* print the signature info
<snip>
$ certtool --p7-verify --inder --load-data dummy.txt < SIG.bin
Loaded system trust (141 CAs available)
eContent Type: 1.2.840.113549.1.7.1
Signers:
Signer's issuer DN: CN=SwissSign RSA SMIME NCP ICA 2022 - 1,O=SwissSign AG,C=CH
Signer's serial: 02dc760c692bf5e017f7dcdd4857ff674b7aa436
Signing time: Fri Sep 27 15:44:21 UTC 2024
Signature Algorithm: RSA-SHA256
Signature status: verification failed: Public key signature verification has failed.
</snip>
and Thunderbird is also able to verify the message and to display the signature
info.
I use gpgsm coming with Debian Bookworm
<snip>
$ gpgsm --version
gpgsm (GnuPG) 2.2.40
libgcrypt 1.10.1
libksba 1.6.3
</snip>
Is this a mis-configuration of my system, or a limitation of gpgsm (maybe a
too old version)?
Thanks in advance,
Albrecht.
SIG.bin
Description: Binary data
