author | Werner Koch <[email protected]> | 2023-03-08 09:57:25 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2023-03-08 10:00:00 +0000 |
commit | 2a13f7f9dc75265ece649e30fecd3dc694b1240e (patch) | |
tree | 125cac1ec1a73805f7e5c1e88d1e27ff86babf72 /doc/gpgsm.texi | |
parent | scd: Fix checking memory allocation. (diff) | |
download | gnupg-2a13f7f9dc75265ece649e30fecd3dc694b1240e.tar.gz gnupg-2a13f7f9dc75265ece649e30fecd3dc694b1240e.zip |
gpgsm: Strip trailing zeroes from detached signatures.
* common/ksba-io-support.c: Include tlv.h
(struct reader_cb_parm_s): Add new fields.
(starts_with_sequence): New.
(simple_reader_cb): Handle stripping.
* common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New.
(gnupg_ksba_create_reader): Handle the new flag.
* sm/verify.c (gpgsm_verify): Use the new flag for detached
signatures.
--
Note that this works only if --assume-binary is given. The use case
for the feature is PDF signature checking where the PDF specs require
that the detached signature is padded with zeroes.
Diffstat (limited to 'doc/gpgsm.texi')
-rw-r--r-- | doc/gpgsm.texi | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index a328ea5f0..42090a93f 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -492,8 +492,10 @@ This usually means that Dirmngr is employed to search for the certificate. Note that this option makes a "web bug" like behavior possible. LDAP server operators can see which keys you request, so by sending you a message signed by a brand new key (which you naturally -will not have on your local keybox), the operator can tell both your IP -address and the time when you verified the signature. +will not have on your local keybox), the operator can tell both your +IP address and the time when you verified the signature. Note that if +CRL checking is not disabled issuer certificates are retrieved in any +case using the caIssuers authorityInfoAccess method. @anchor{gpgsm-option --validation-model} |
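Review bot: The sentence added at the end of this paragraph ("Note that if CRL checking is not disabled issuer certificates are retrieved in any case using the caIssuers authorityInfoAccess method.") has nothing to do with the commit subject, which is stripping trailing zeroes from detached signatures, and doc/gpgsm.texi is not among the files listed in the commit message. Either give the file its own entry in the message or move this documentation change to a separate commit, so that the history of the privacy note can be traced. The diffstat shows this hunk as the only change to doc/gpgsm.texi, so the manual still says nothing about the new stripping behaviour or its dependency on --assume-binary, which the commit message mentions; a short paragraph for that would fit here. On wording: add a comma after "disabled", and consider naming the option that turns CRL checking off (@option{--disable-crl-checks}) so that a reader worried about the "web bug" behaviour knows which setting controls the caIssuers fetch. The rest of the hunk only re-wraps the existing sentence about the IP address, which is fine.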