Tue, May 19
Seems to be fixed now.
Parsing and creating of certs does now work. I was not able to find sample CMS objects so this part is not yet finished.
Thu, May 14
Won't fix because there is no need for it. ASN.1 modules are the formal description of a protocol and as such not copyrightable.
Thanks. Applied. Will go into 1.4.0
Tue, May 12
Mon, May 11
May 4 2020
It works for me(tm).
May 1 2020
Apr 21 2020
Apr 15 2020
Apr 14 2020
Data (ie.e CMS) signatures do now also work.
Apr 9 2020
Okay certificate and CRL checking does now work with rsaPSS. Need to work on data signatures and check the compliance modes.
Apr 8 2020
I started to work on it so that I can actually use the certificates on my new D-Trust card. This will be a verify-only implementation.
Mar 31 2020
For public key, it's done.
Mar 30 2020
Mar 24 2020
This should work well with libksba master and gnupg/sm master.
Mar 5 2020
It is actually questionable whether PSS is a better padding scheme than PKCS#1, see
https://www.metzdowd.com/pipermail/cryptography/2019-November/035449.html . PSS seems indeed be rarely used; quoting Peter from a followup on his writeup: “If I get time over the weekend, and I can find a CMS message signed with RSA-PSS, I'll create a forgery using xor256.”
Mar 4 2020
To summarize: The DGN CRL uses a the RSA-PSS Padding / Signature Scheme. ( https://de.wikipedia.org/wiki/Probabilistic_Signature_Scheme )
Jan 8 2020
Sorting the table is a good idea for reproducibility, since otherwise the tree depends on the order of the arguments to asn1-gentables, which are generated with a wildcard expansion that might be shell or file system dependent.
Frankly, I am not sure why we sort that table at all. Your patch does not harm, though.
Jun 1 2019
May 31 2019
RFC 5280 only addresses about BCP78 and not about TLP, while RFC 5652, RFC 5755, RFC 5911 and RFC 5912 address explicitly about TLP. In this situation, I wonder if it's better to take the definitions of Extensions, UniqueIdentifier, and GeneralNames from RFC 5280. To be conservative, I don't include them now.
I pushed more changes to include modules in RFC 5911 and RFC 5912.
Comparing old cms.asn and new cms.asn, now I understand how RFC 3370 matters. I added those things back from RFC 5911 (which cites RFC 3370) which comes with BSD license for code.
May 30 2019
@gniibe thank you!
I did some work (since Debian is important for us).
Please have a look at my topic branch: gniibe/fix-4487