
gpg: Fix leftover unprotected card backup key.

* agent/command.c (cmd_learn): Add option --reallyforce.
* agent/findkey.c (agent_write_private_key): Implement reallyforce.
Also add arg reallyforce and pass it along the call chain.

* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
special force value.
* g10/keygen.c (card_store_key_with_backup): Use that force value.
--

This was a regression in 2.2.42.  We took the easy path to fix it by
getting the behaviour back to what we did prior to 2.2.42.  With GnuPG
2.4.4 we use an entirely different and safer approach by introducing an
ephemeral private key store.

GnuPG-bug-id: 6944
Werner Koch 2024-01-24 11:29:24 +01:00
parent 9938e8d3f4
commit 3b69d8bf71
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
10 changed files with 51 additions and 27 deletions


@ -745,6 +745,11 @@ learn_status_cb (void *opaque, const char *line)
* card-util.c
* keyedit_menu
* card_store_key_with_backup (Woth force to remove secret key data)
*
* If force has the value 2 the --reallyforce option is also used.
* This is to make sure the sshadow key overwrites the private key.
* Note that this option is gnupg 2.2 specific because since 2.4.4 an
* ephemeral private key store is used instead.
*/
int
agent_scd_learn (struct agent_card_info_s *info, int force)
@ -764,6 +769,7 @@ agent_scd_learn (struct agent_card_info_s *info, int force)
parm.ctx = agent_ctx;
rc = assuan_transact (agent_ctx,
force == 2? "LEARN --sendinfo --force --reallyforce" :
force ? "LEARN --sendinfo --force" : "LEARN --sendinfo",
dummy_data_cb, NULL, default_inq_cb, &parm,
learn_status_cb, info);
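Review bot: The `force` argument of agent_scd_learn is now a three-valued int where the bare literal 2 selects `--reallyforce`, and the nested conditional in the assuan_transact call maps every other non-zero value to plain `--force`, so an unexpected value silently gets the weaker mode. Because the stronger mode is what lets the shadow key overwrite an existing private key, named constants for the three values would make call sites easier to audit than 0/1/2. The added comment also has a typo: `sshadow key` should read `shadow key`. The function body continues outside the hunk.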


@ -5201,8 +5201,11 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
if (err)
log_error ("writing card key to backup file: %s\n", gpg_strerror (err));
else
/* Remove secret key data in agent side. */
agent_scd_learn (NULL, 1);
{
/* Remove secret key data in agent side. We use force 2 here to
* allow overwriting of the temporary private key. */
agent_scd_learn (NULL, 2);
}
leave:
xfree (ecdh_param_str);
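Review bot: The result of `agent_scd_learn (NULL, 2)` in the new else block is discarded, so if the LEARN transaction fails, the secret key data this call is meant to remove may stay in the agent's key store with no diagnostic. agent_scd_learn returns int, presumably an error code taken from assuan_transact, so the call could be checked: `err = agent_scd_learn (NULL, 2);` followed by `if (err) log_error ("removing secret key data from agent: %s\n", gpg_strerror (err));`. Whether that error should also become the function's return value depends on code outside the hunk, since card_store_key_with_backup starts before it and continues after it.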