On 2021-06-17 15:49, Viktor Dukhovni wrote:
On Sat, Jun 12, 2021 at 10:20:22PM +0200, Gaardiolor wrote:
When I compare those, they are exactly the same. But that's the thing, I
think server.sig.decrypted should be prepended with a sha256 designator
30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20, which is
missing. I do see this designator with working certificates. I suspect
this is the problem.
Is that designator mandatory and likely the cause of my issue ?
Yes, PKCS#1 signatures must have an algorithm OID prefix.
Please beware that a few years ago, I found that a particular Symantec
server signedlong term messages (timestamping countersignatures)
without that prefix, using animplied algorithm of SHA-1.
It may thus be necessary for CMS implementations to accept such
signatures for that special case until they naturally expire,
and maybe a few years past that.
Defining a sufficiently narrow exception is left as an exercise
for implementors.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
