Invalid signatures produced using gnupg-pkcs11-scd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnupg-pkcs11-scd (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
After upgrading from wily to xenial (and at the same time having to move from gpg to gpg2) I can no longer produce signatures using gnupg-pkcs11-scd.
Debugging this I found that the algorithm prefix is now included twice in the signed data, making the signature self-test fail.
Here we have the data to sign, including the algorithm prefix (3031300D060960
2016-05-03 16:33:56 gpg-agent[18007] DBG: chan_6 -> SETDATA 3031300D0609608
48B8BCA9FE278DD
2016-05-03 16:33:56 gpg-agent[18007] DBG: chan_6 <- OK
Calling PKSIGN with the hash argument will cause gnupg-pkcs11-scd to add another copy of the algorithm prefix:
2016-05-03 16:33:56 gpg-agent[18007] DBG: chan_6 -> PKSIGN --hash=sha256 SafeNet\
The signed data, showing the duplicated algorithm prefix under rsa_verify cmp is attached.
Not sure how a backward-compatible fix would look like (probably would have to check whether this prefix is already present), but forcing inject = INJECT_NONE in cmd_pksign seems to fix the issue for me.
Moritz