Dear GnuPGP Team,
first please take my apologizes if this is not the right bug tracker for the OpenPGP card as such (rather than its support by GPG).
I have an issue with the functionality of the OpenPGP card V 2.1 as described in section "7.2.8 PSO: COMPUTE DIGITAL SIGNATURE" of the OpenPGP smart card manual V 2.1.1.
If a 4096 bit RSA key is used for signing and the resulting signature has leading zero bytes, the card omits the leading zeros in its response and return e.g. just 511 instead of 512 bytes for the signature. One can argue that a RSA signature is a variable length number and if it has leading 0s, these are omitted, but I think this is a bit unexpected and should at least be documented in the spec. A result of this is e.g. that pkcs15-crypt returns signatures which don't work with OpenSSL unless the missing 0 bytes are prepended. See https://github.com/OpenSC/OpenSC/issues/1283.
Can you please clarify if this is intended behavior or a bug in the OpenPGP smart card? In any can you please document it in the manual?
Logs which show the effect are available at https://github.com/OpenSC/OpenSC/issues/1283.