On Sun, 20 Nov 2016 20:47, [email protected] said: > detached CMS signature. The kernel requires that the CMS does not > contain any authenticated attributes and it refuses to validate the > signature otherwise [1].
That is unfortunate because all modern implementations use the indirect signing method (using the attribute 1.2.840.113549.1.9.4). GPGSM is able to verify the old direct signing method but it can't create such an old signature. To change this we need to extend libksba, which I believe can be done without updating the API. Also we need to add an option to gpgsm (easy) and implement the old method (a few hours). Instead of doing that I would suggest to extend Linux and implement verification of the indirect signature. An update to gpgsm would then be simple by adding an option to not emit any of the other signed attributes, Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgp1xVr7_dXnE.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
