1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00

gpg: Fix leftover unprotected card backup key.

* agent/command.c (cmd_learn): Add option --reallyforce.
* agent/findkey.c (agent_write_private_key): Implement reallyforce.
Also add arg reallyforce and pass it along the call chain.

* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
special force value.
* g10/keygen.c (card_store_key_with_backup): Use that force value.
--

This was a regression in 2.2.42.  We took the easy path to fix it by
getting the behaviour back to what we did prior to 2.2.42.  With GnuPG
2.4.4 we use an entire different and safer approach by introducing an
ephemeral private key store.

GnuPG-bug-id: 6944
This commit is contained in:
Werner Koch 2024-01-24 11:29:24 +01:00
parent 9938e8d3f4
commit 3b69d8bf71
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
10 changed files with 51 additions and 27 deletions

View file

@ -69,7 +69,7 @@ store_key (gcry_sexp_t private, const char *passphrase, int force,
buf = p;
}
rc = agent_write_private_key (grip, buf, len, force,
rc = agent_write_private_key (grip, buf, len, force, 0,
NULL, NULL, NULL, timestamp);
xfree (buf);
return rc;