From 3a2fb1c30633373d17880469e0b84ab2a9524585 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 1 Jun 2022 17:55:49 +0200
Subject: [PATCH] scd:nks: Don't flag the ESIGN keypair EF as encryption
 capable.

* scd/app-nks.c (filelist): Tweak 0x4531.
--

Actually the certificate has no encryption usage but we should also
tell that via KEYINFO so that this key is never tried to create an
encryption certificate.
---
 scd/app-nks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scd/app-nks.c b/scd/app-nks.c
index 2aa4ad2c2..468c99c3f 100644
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
@@ -158,7 +158,7 @@ static struct
   { 1, 0xC008, 3, 101 },                    /* EF_C.CA.SIG  */
   { 1, 0xC00E, 3, 111 },                    /* EF_C.RCA.SIG  */
 
-  { 2, 0x4531, 15, 0, 0xC001, 0,1,1, 0x84}, /* EF_PK.CH.SIG  */
+  { 2, 0x4531, 15, 0, 0xC001, 0,1,0, 0x84}, /* EF_PK.CH.SIG  */
   { 2, 0xC000, 15,101 },                    /* EF.C.SCA.QES (SubCA) */
   { 2, 0xC001, 15,100 },                    /* EF.C.ICC.QES (Cert)  */
   { 2, 0xC00E, 15,111 },                    /* EF.C.RCA.QES (RootCA */