On 06.05.25 12:14, Werner Koch wrote: [snip]
This signature is a certificate-only message:

$ ~/b/libksba/tests/t-cms-parser SIG.bin
*** checking `SIG.bin' ***
identified as: signed data
stop reason: 2
ContentType: 1.2.840.113549.1.7.2
stop reason: 3
EncapsulatedContentType: 1.2.840.113549.1.7.1
DigestAlgorithms: 2.16.840.1.101.3.4.2.1
Detached signature
stop reason: 6
this is a certs-only message
*** all checks done
[snip]
Your signature is missing the part of the signature which is in the proper signature from offset 17..47. Instead it starts off directly with the list of certificates indicated by a context tag 0 at offset 15 which starts in the proper signature at offset 35.
Ok, thanks for the detailed explanation!
What we should do is to print a message that this is a cert-only signature in the same way the LibKSBA test tool does it.
Well, this doesn't solve the issue from the user's perspective IMHO. Apparently Thunderbird (and maybe other MUAs, too?) *is* able to deal with this signature, including a warning if the message has been tampered with, whilst any application using gpgsm through gpgme or directly isn't, which of course is a pity. I agree that this format seems to be rarely used (I actually saw it in messages from my electric supply company only, probably produced by some kind of crypto gateway; the headers don't give any further indication), but it would be great if gpgsm/libksba could deal with this kind of corner case.

Thanks,
Albrecht.
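Added example (not part of this thread, and not gpgsm or libksba code): a minimal DER walk that reports what a CMS SignedData blob contains and flags it as certs-only when the signerInfos SET is empty, the degenerate case of RFC 5652. The sample input is constructed, and that criterion is an assumption which may differ from the check t-cms-parser applies.

```python
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")   # OID 1.2.840.113549.1.7.2
DATA = bytes.fromhex("2a864886f70d010701")          # OID 1.2.840.113549.1.7.1
SHA256 = bytes.fromhex("608648016503040201")        # OID 2.16.840.1.101.3.4.2.1

def read_tlv(buf, pos):
    """Parse one definite-length DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):                        # contents of a constructed element
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def classify(der):
    """Summarise the SignedData fields that decide whether anything can be verified."""
    tag, content_info, _ = read_tlv(der, 0)
    (t_oid, oid), (t_ctx, wrapped) = children(content_info)[:2]
    if (tag, t_oid, t_ctx, oid) != (0x30, 0x06, 0xA0, SIGNED_DATA):
        raise ValueError("not a CMS SignedData ContentInfo")
    [(_, signed_data)] = children(wrapped)
    # version, digestAlgorithms, encapContentInfo, [0] certs?, [1] crls?, signerInfos
    fields = children(signed_data)
    if len(fields) < 4 or fields[-1][0] != 0x31:
        raise ValueError("SignedData does not end in a signerInfos SET")
    signers = children(fields[-1][1])
    certs = [c for t, v in fields[3:-1] if t == 0xA0 for c in children(v)]
    return {"detached": len(children(fields[2][1])) == 1, "certificates": len(certs),
            "signers": len(signers), "certs_only": not signers}

def tlv(tag, *parts):                       # encoder for the small constructed sample only
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def build_sample(signer_infos=b""):         # constructed input with a placeholder "certificate"
    fields = [tlv(0x02, b"\x01"), tlv(0x31, tlv(0x30, tlv(0x06, SHA256))),
              tlv(0x30, tlv(0x06, DATA)), tlv(0xA0, tlv(0x30, b"placeholder")),
              tlv(0x31, signer_infos)]
    return tlv(0x30, tlv(0x06, SIGNED_DATA), tlv(0xA0, tlv(0x30, *fields)))
```

Running classify() on the raw bytes of a detached signature part shows whether it carries any SignerInfo at all, independent of what a given parser reports.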
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users