mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
scd: Support changing key attribute back to RSA.
* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA. -- In the OpenPGP card specification, there are multiple options to support RSA (having P and Q or not, etc.), and it is implementation dependent. Since GnuPG doesn't have knowledge which card implementation support which option and there is no way (yet) for card to express itself which key attributes are supported, we haven't supported key attribute change back to RSA. But, many card implementation uses P and Q, try this option. If other cases, factory-reset would be easier option. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
parent
a1515b3bbc
commit
2969271876
@ -3208,21 +3208,33 @@ change_rsa_keyattr (app_t app, int keyno, unsigned int nbits,
|
|||||||
relptr = get_one_do (app, 0xC1+keyno, &buf, &buflen, NULL);
|
relptr = get_one_do (app, 0xC1+keyno, &buf, &buflen, NULL);
|
||||||
if (!relptr)
|
if (!relptr)
|
||||||
err = gpg_error (GPG_ERR_CARD);
|
err = gpg_error (GPG_ERR_CARD);
|
||||||
else if (buflen < 6 || buf[0] != PUBKEY_ALGO_RSA)
|
else if (buflen < 6)
|
||||||
{
|
{
|
||||||
/* Attriutes too short or not an RSA key. */
|
/* Attributes too short. */
|
||||||
xfree (relptr);
|
xfree (relptr);
|
||||||
err = gpg_error (GPG_ERR_CARD);
|
err = gpg_error (GPG_ERR_CARD);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* We only change n_bits and don't touch anything else. Before we
|
/* If key attribute was RSA, we only change n_bits and don't
|
||||||
do so, we round up NBITS to a sensible way in the same way as
|
touch anything else. Before we do so, we round up NBITS to a
|
||||||
gpg's key generation does it. This may help to sort out problems
|
sensible way in the same way as gpg's key generation does it.
|
||||||
with a few bits too short keys. */
|
This may help to sort out problems with a few bits too short
|
||||||
|
keys. */
|
||||||
nbits = ((nbits + 31) / 32) * 32;
|
nbits = ((nbits + 31) / 32) * 32;
|
||||||
buf[1] = (nbits >> 8);
|
buf[1] = (nbits >> 8);
|
||||||
buf[2] = nbits;
|
buf[2] = nbits;
|
||||||
|
|
||||||
|
/* If it was not RSA, we need to fill other parts. */
|
||||||
|
if (buf[0] != PUBKEY_ALGO_RSA)
|
||||||
|
{
|
||||||
|
buf[0] = PUBKEY_ALGO_RSA;
|
||||||
|
buf[3] = 0;
|
||||||
|
buf[4] = 32;
|
||||||
|
buf[5] = 0;
|
||||||
|
buflen = 6;
|
||||||
|
}
|
||||||
|
|
||||||
err = change_keyattr (app, keyno, buf, buflen, pincb, pincb_arg);
|
err = change_keyattr (app, keyno, buf, buflen, pincb, pincb_arg);
|
||||||
xfree (relptr);
|
xfree (relptr);
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user