This appears to still be a problem, despite upgrading to libksba 1.4.0:
Thu, Jun 11
May 27 2020
GnuTLS seems to have some CMS support; see https://gitlab.com/gnutls/gnutls/-/issues/227 .
May 19 2020
Seems to be fixed now.
Parsing and creating of certs does now work. I was not able to find sample CMS objects so this part is not yet finished.
Finished if an existing key is used. See rG6dc3846d78192e393be73c16c72750734a9174d1 for examples.
See rG6dc3846d78192e393be73c16c72750734a9174d1 for examples on how to create a cert
May 18 2020
May 14 2020
May 12 2020
May 11 2020
Signing using ECDSA does now also work. Tested with 3 in disk keys: nistp256, nistp384 and RSA and verified using gpgsm and Governikus Signer.
May 8 2020
Basic en- and decryption test against Governikus_Signer has now been done. Beware: I had to add a debug option to gpgsm to workaround non-compliance in algorithm support of Governikus; see the rG68b857df13c8a4e6cae5e3a29fd065bf90764547 for details.
May 7 2020
May 4 2020
It works for me(tm).
May 1 2020
Apr 27 2020
Done for master
Apr 23 2020
Apr 21 2020
Apr 17 2020
I am working on the Telesec Signature Card v2. I will add encryption support to gpgsm.
Apr 16 2020
We do this now always if --auto-issuer-key-retrieve is set. Also backported to 2.2
Apr 15 2020
Apr 14 2020
Data (ie.e CMS) signatures do now also work.
Apr 9 2020
Okay certificate and CRL checking does now work with rsaPSS. Need to work on data signatures and check the compliance modes.
Apr 8 2020
I started to work on it so that I can actually use the certificates on my new D-Trust card. This will be a verify-only implementation.
Apr 6 2020
Mar 31 2020
genkey for Ed25519 works now with libksba in master.
For public key, it's done.
Mar 30 2020
The problem was the comment field which was not expected in an rsa key. However ist makes sense to allow additional fields and thus I pushed a change to Libksba.
Mar 27 2020
NIST P-256 key generation looks good.
Mar 26 2020
OK, i've asked on gnupg-devel.
Please use the mailing list for help on generating keys. I would also suggest to use GnuPG master for such experiments.
Mar 25 2020
Mar 24 2020
There are two code paths to generate key: gpgsm_genkey and gpgsm_gencertreq_tty. Latter is partially supported with card key.
Firstly, I'm going to work for T4888.
This should work well with libksba master and gnupg/sm master.
The commits in 2019 (for libksba and gnupg/sm) handles the problem (of key generation using card).
Mar 20 2020
That option does the same as --disable-dirmngr which in trun has the same effect as disable-crl-checks