security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpgsm: Strip trailing zeroes from detached signatures.

Browse source 
* common/ksba-io-support.c: Include tlv.h
(struct reader_cb_parm_s): Add new fields.
(starts_with_sequence): New.
(simple_reader_cb): Handle stripping.
* common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New.
(gnupg_ksba_create_reader): Handle the new flag.
* sm/verify.c (gpgsm_verify): Use the new flag for detached
signatures.
--

Note that this works only if --assume-binary is given.  The use case
for the feature is PDF signature checking where the PDF specs require
that the detached signature is padded with zeroes.
This commit is contained in:
Werner Koch 2023-03-08 10:57:25 +01:00
parent 4e391d95e0
commit 2a13f7f9dc
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 120 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
doc/gpgsm.texi
View file

@ -492,8 +492,10 @@ This usually means that Dirmngr is employed to search for the
certificate. Note that this option makes a "web bug" like behavior
possible. LDAP server operators can see which keys you request, so by
sending you a message signed by a brand new key (which you naturally
will not have on your local keybox), the operator can tell both your IP
address and the time when you verified the signature.
will not have on your local keybox), the operator can tell both your
IP address and the time when you verified the signature. Note that if
CRL checking is not disabled issuer certificates are retrieved in any
case using the caIssuers authorityInfoAccess method.
@anchor{gpgsm-option --validation-model}