Signing Failure with gpg-agent and scdaemon

Werner Koch wk at gnupg.org
Tue Dec 3 15:35:22 CET 2024


Hi!

On Tue,  3 Dec 2024 13:37, Michael Oberrauch said:

> Has anyone else encountered such a problem before? I did not really
> find anyone else with a similar problem on the internet.

We had a similar problem 12 years ago when 3072 bit keys started to show
up.  With commit 905b6a36d3ca21b2f619721e1de892398e5eb759 this was fixed
for decryption.  Signing was in general not a problem because most
applications sign only a hash and this fits nicely into the limit.

Meanwhile ssh started to do some silly things, like directly signing the
host bounding data instead of hashing it first and then signing the hash.
This leads to large amounts of to-be-signed data which is in general
okay but does not work with all smartcards or readers.  This data is
large in the context of smartcards and their APDUs.  See for example
https://dev.gnupg.org/T5931

> Does anyone know, if there is a reason for this value to be arbitrarily
> at 1000, especially since it is smaller than the length of data some

Arbitrary, so that a small static buffer can be used and ppl do not try to
abuse the command channel for bulk data.

Fix should be easy.  Tracked by https://dev.gnupg.org/T7436

Thanks for reporting.


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein