From 1e69676981ac4849bc687c975da0925d65ee03a8 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 1 Jun 2022 17:55:49 +0200
Subject: [PATCH] scd:nks: Don't flag the ESIGN keypair EF as encryption
 capable.

* scd/app-nks.c (filelist): Tweak 0x4531.
--

Actually the certificate has no encryption usage but we should also
tell that via KEYINFO so that this key is never tried to create an
encryption certificate.

(cherry picked from commit 3a2fb1c30633373d17880469e0b84ab2a9524585)
---
 scd/app-nks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scd/app-nks.c b/scd/app-nks.c
index c8b2ac33d..8a99864cb 100644
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
@@ -158,7 +158,7 @@ static struct
   { 1, 0xC008, 3, 101 },                    /* EF_C.CA.SIG  */
   { 1, 0xC00E, 3, 111 },                    /* EF_C.RCA.SIG  */
 
-  { 2, 0x4531, 15, 0, 0xC001, 0,1,1, 0x84}, /* EF_PK.CH.SIG  */
+  { 2, 0x4531, 15, 0, 0xC001, 0,1,0, 0x84}, /* EF_PK.CH.SIG  */
   { 2, 0xC000, 15,101 },                    /* EF.C.SCA.QES (SubCA) */
   { 2, 0xC001, 15,100 },                    /* EF.C.ICC.QES (Cert)  */
   { 2, 0xC00E, 15,111 },                    /* EF.C.RCA.QES (RootCA */