gpg: Fix leftover unprotected card backup key.

* agent/command.c (cmd_learn): Add option --reallyforce. * agent/findkey.c (agent_write_private_key): Implement reallyforce. Also add arg reallyforce and pass it along the call chain. * g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a special force value. * g10/keygen.c (card_store_key_with_backup): Use that force value. -- This was a regression in 2.2.42. We took the easy path to fix it by getting the behaviour back to what we did prior to 2.2.42. With GnuPG 2.4.4 we use an entire different and safer approach by introducing an ephemeral private key store. GnuPG-bug-id: 6944
2025-07-02 22:46:30 +02:00 · 2024-01-24 11:29:24 +01:00 · 2024-01-24 11:29:24 +01:00 · 3b69d8bf71
commit 3b69d8bf71
parent 9938e8d3f4
10 changed files with 51 additions and 27 deletions
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -5201,8 +5201,11 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
  if (err)
    log_error ("writing card key to backup file: %s\n", gpg_strerror (err));
  else
-    /* Remove secret key data in agent side.  */
-    agent_scd_learn (NULL, 1);
+    {
+      /* Remove secret key data in agent side.  We use force 2 here to
+       * allow overwriting of the temporary private key.  */
+      agent_scd_learn (NULL, 2);
+    }

 leave:
  xfree (ecdh_param_str);