gpg: Fix leftover unprotected card backup key.

* agent/command.c (cmd_learn): Add option --reallyforce. * agent/findkey.c (agent_write_private_key): Implement reallyforce. Also add arg reallyforce and pass it along the call chain. * g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a special force value. * g10/keygen.c (card_store_key_with_backup): Use that force value. -- This was a regression in 2.2.42. We took the easy path to fix it by getting the behaviour back to what we did prior to 2.2.42. With GnuPG 2.4.4 we use an entire different and safer approach by introducing an ephemeral private key store. GnuPG-bug-id: 6944
2025-07-03 22:56:33 +02:00 · 2024-01-24 11:29:24 +01:00 · 2024-01-24 11:29:24 +01:00 · 3b69d8bf71
commit 3b69d8bf71
parent 9938e8d3f4
10 changed files with 51 additions and 27 deletions
--- a/agent/agent.h
+++ b/agent/agent.h
@ -422,7 +422,8 @@ void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
 gpg_error_t agent_modify_description (const char *in, const char *comment,
                                      const gcry_sexp_t key, char **result);
 int agent_write_private_key (const unsigned char *grip,
-                             const void *buffer, size_t length, int force,
+                             const void *buffer, size_t length,
+                             int force, int reallyforce,
                             const char *serialno, const char *keyref,
                             const char *dispserialno, time_t timestamp);
 gpg_error_t agent_key_from_file (ctrl_t ctrl,
@ -548,6 +549,7 @@ gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo,
 gpg_error_t agent_write_shadow_key (const unsigned char *grip,
                                    const char *serialno, const char *keyid,
                                    const unsigned char *pkbuf, int force,
+                                    int reallyforce,
                                    const char *dispserialno);


@ -628,7 +630,8 @@ void agent_card_killscd (void);


 /*-- learncard.c --*/
-int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force);
+int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context,
+                        int force, int reallyforce);


 /*-- cvt-openpgp.c --*/