-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing signature verification of CSCA master list #1
Comments
The problem has been identified at least for one master list (C=ES crc=02409DA3). The issue doesn't lay in the cryptography library as initially thought but in a different asn1 serialization format that was used to store a Specifically, a |
Commit 8b934bf fixes this issue. Closing issue. |
The examination of master lists publicly available at ICAO PKD showed that every master list has this issue. |
There is still issue with signature verification of the Hungarian master list. |
The RFC 5652 Section 5.4 specifies that the message digest should be calculated over |
Due to the issues with
cryptography
library and it's implementation of DSA signature verification, the integrety check is currently not implemented for master list.The text was updated successfully, but these errors were encountered: