Hello! I would like to use GPGSM to sign a Linux kernel module with a private key stored on an OpenPGP smartcard.
The original signing tool uses OpenSSL to sign the kernel module using a detached CMS signature. The kernel requires that the CMS does not contain any authenticated attributes and it refuses to validate the signature otherwise [1]. In the original signing tool [2] the CMS_add1_signer call uses the CMS_NOATTR and CMS_NOSMIMECAP flags (the same can be achieved by using the -noattr flag of the openssl command-line utility). Is there anything like this available in GPGSM? I've looked at the source code of both GPGSM and libksba and it looks like there is currently no easy way to omit these attributes from CMS with GPGSM? Thanks! [1] - https://lkml.org/lkml/2015/8/5/469 [2] - https://github.com/torvalds/linux/blob/master/scripts/sign-file.c#L311 Jernej
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
