Re: GPGSM detached signature without auth attributes
Hello!

On 22. 11. 2016 08:06, Werner Koch wrote:
> That is unfortunate because all modern implementations use the
> indirect signing method (using the attribute 1.2.840.113549.1.9.4).
> GPGSM is able to verify the old direct signing method but it can't
> create such an old signature.

This explains why my quick hack with just removing the signed attributes didn't work (I could remove everything but the messageDigest). The indirect method uses the messageDigest that is part of the signed attributes, right? I've also looked into how OpenSSL does it and noticed that the signing part is done differently when the CMS_NOATTR flag is passed.

I've quickly looked at the CMS RFCs, but they seem quite heavy. I would be grateful for any quick pointers you might have.

> Instead of doing that I would suggest to extend Linux and implement
> verification of the indirect signature. An update to gpgsm would then
> be simple by adding an option to not emit any of the other signed
> attributes,

Yes, that would probably be the best option and I am not sure why they didn't do it this way. I also don't like that the default way to sign things in the Linux kernel assumes that the private key is available in a local file, as this is way less secure than storing it in a HSM. Had they used gpgsm from the start, they would also find the need to support indirect signatures.

Unfortunately I need this in a current system, so I might just look around libksba when I find some more time.

Thanks for making things more clear!

Jernej

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPGSM detached signature without auth attributes
Hi,

Jernej Kos:
> Hello!
>
> Not sure about what you mean with the OpenPGP card not supporting
> signing? I have set gpgsm to use the signing key on the OpenPGP card (in
> key slot 1) for generating X509 certificates and CMS (S/MIME) signatures
> by doing:
>
> gpgsm --learn-card
> gpgsm --gen-key
>
> And selecting an existing key on the OpenPGP card in the key slot for
> signing. This is using GnuPG 2.1.15.
> [...]

sorry, I obviously got this wrong. I'll have to take a deeper look into gpgsm and its use with smart cards. Thanks for your answer.

Stephan
Re: GPGSM detached signature without auth attributes
On Sun, 20 Nov 2016 20:47, jer...@kos.mx said:

> detached CMS signature. The kernel requires that the CMS does not
> contain any authenticated attributes and it refuses to validate the
> signature otherwise [1].

That is unfortunate because all modern implementations use the indirect signing method (using the attribute 1.2.840.113549.1.9.4). GPGSM is able to verify the old direct signing method but it can't create such an old signature.

To change this we need to extend libksba, which I believe can be done without updating the API. Also we need to add an option to gpgsm (easy) and implement the old method (a few hours).

Instead of doing that I would suggest to extend Linux and implement verification of the indirect signature. An update to gpgsm would then be simple by adding an option to not emit any of the other signed attributes,

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are governed by federal law.
Re: GPGSM detached signature without auth attributes
Hello!

Not sure about what you mean with the OpenPGP card not supporting signing? I have set gpgsm to use the signing key on the OpenPGP card (in key slot 1) for generating X509 certificates and CMS (S/MIME) signatures by doing:

  gpgsm --learn-card
  gpgsm --gen-key

And selecting an existing key on the OpenPGP card in the key slot for signing. This is using GnuPG 2.1.15.

I can successfully use gpgsm to sign an arbitrary file in detached mode and can validate the signature using "openssl cms -verify". So the signing part seems to work. The only problem is that such a signature is rejected by the kernel due to containing signedAttrs (the CMS structure can be inspected by running "openssl cms -cmsout -inform DER -print -in signature.der").

I've tried removing the signed attributes from the CMS by hacking the source of libksba and the resulting file doesn't have signedAttrs, but for some reason the signature is then wrong. So I have to look into this more.

Thanks!

Jernej

On 22. 11. 2016 01:58, Stephan Beck wrote:
> Hi Jernej,
>
> Jernej Kos:
>> Hello!
>>
>> I would like to use GPGSM to sign a Linux kernel module with a private
>> key stored on an OpenPGP smartcard.
>
> As to the OpenPGP card 2.1 [1] specification, you can store the private
> key of an X.509 certificate on card (Data Object Cardholder Certificate,
> TAG 7F21) ONLY for using it for authentication purposes in a
> client/server environment, not for signing.
> In version 3.0 of the OpenPGP card specification the decipher and sign
> capabilities for use with a PKIX/X.509 certificate have been
> introduced. Unfortunately I don't know of any existing OpenPGP smart
> card that implements version 3.0 [2].
> So, I guess, without even discussing the possibility (and further
> details) of using a "smartcard-based" X.509 certificate's private key
> with gpgsm for digitally signing a file skipping/overriding/ignoring
> CMS's auth attributes for signing a kernel module, it is not (yet)
> feasible (in practice).
>
> My 2 cents
>
> Stephan
>
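Added example, not part of any message in this thread and not code from GnuPG, libksba or the kernel: it computes the value the private key actually signs under the direct method (no signedAttrs) and under the indirect method (signedAttrs carrying messageDigest, 1.2.840.113549.1.9.4), following RFC 5652 section 5.4, which shows why a signature stops verifying once signedAttrs are stripped from it. SHA-256, the minimal attribute set (contentType and messageDigest) and the sample bytes are assumptions.

```python
import hashlib

# messageDigest OID is quoted in the thread; the other two are from RFC 5652.
OID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"
OID_CONTENT_TYPE = "1.2.840.113549.1.9.3"
OID_DATA = "1.2.840.113549.1.7.1"

def tlv(tag, body):
    """DER tag-length-value, short or long length form."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # base-128 groups, lowest first
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def set_of(members):
    # DER: SET OF members are sorted by their encoded bytes
    return tlv(0x31, b"".join(sorted(members)))

def attribute(type_oid, value):
    return tlv(0x30, oid(type_oid) + set_of([value]))

def signed_attrs(content):
    """Minimal signedAttrs, encoded with the SET OF tag (0x31) used for
    digest calculation, not the [0] tag (0xA0) stored in SignerInfo."""
    md = hashlib.sha256(content).digest()     # SHA-256 is an assumption
    return set_of([attribute(OID_CONTENT_TYPE, oid(OID_DATA)),
                   attribute(OID_MESSAGE_DIGEST, tlv(0x04, md))])

def direct_digest(content):
    # No signedAttrs: the key signs the digest of the content itself.
    return hashlib.sha256(content).digest()

def indirect_digest(content):
    # signedAttrs present: the key signs the digest of their DER encoding.
    return hashlib.sha256(signed_attrs(content)).digest()

if __name__ == "__main__":
    module = b"constructed stand-in for kernel module bytes"
    print("direct  :", direct_digest(module).hex())
    print("indirect:", indirect_digest(module).hex())
```

A signature produced over the indirect value cannot be turned into a direct one by deleting the attributes afterwards; the signing step itself has to be run over the content digest.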
Re: GPGSM detached signature without auth attributes
Hi,

I forgot to include the links to the docs.

[1] http://g10code.com/docs/openpgp-card-2.1.pdf
[2] http://g10code.com/docs/openpgp-card-3.0.pdf

Stephan Beck:
> Hi Jernej,
>
> Jernej Kos:
>> Hello!
>>
>> I would like to use GPGSM to sign a Linux kernel module with a private
>> key stored on an OpenPGP smartcard.
Re: GPGSM detached signature without auth attributes
Hi Jernej,

Jernej Kos:
> Hello!
>
> I would like to use GPGSM to sign a Linux kernel module with a private
> key stored on an OpenPGP smartcard.

As to the OpenPGP card 2.1 [1] specification, you can store the private key of an X.509 certificate on card (Data Object Cardholder Certificate, TAG 7F21) ONLY for using it for authentication purposes in a client/server environment, not for signing.

In version 3.0 of the OpenPGP card specification the decipher and sign capabilities for use with a PKIX/X.509 certificate have been introduced. Unfortunately I don't know of any existing OpenPGP smart card that implements version 3.0 [2].

So, I guess, without even discussing the possibility (and further details) of using a "smartcard-based" X.509 certificate's private key with gpgsm for digitally signing a file skipping/overriding/ignoring CMS's auth attributes for signing a kernel module, it is not (yet) feasible (in practice).

My 2 cents

Stephan
GPGSM detached signature without auth attributes
Hello!

I would like to use GPGSM to sign a Linux kernel module with a private key stored on an OpenPGP smartcard. The original signing tool uses OpenSSL to sign the kernel module using a detached CMS signature. The kernel requires that the CMS does not contain any authenticated attributes and it refuses to validate the signature otherwise [1].

In the original signing tool [2] the CMS_add1_signer call uses the CMS_NOATTR and CMS_NOSMIMECAP flags (the same can be achieved by using the -noattr flag of the openssl command-line utility).

Is there anything like this available in GPGSM? I've looked at the source code of both GPGSM and libksba and it looks like there is currently no easy way to omit these attributes from CMS with GPGSM?

Thanks!

[1] - https://lkml.org/lkml/2015/8/5/469
[2] - https://github.com/torvalds/linux/blob/master/scripts/sign-file.c#L311

Jernej