security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-17 00:39:50 +02:00
Code Activity

* gpg.sgml: Document "addcardkey" and "keytocard".

Browse Source 
* apdu.c (open_pcsc_reader): Do not print empty reader string.

* keygen.c (ask_algo): Allow creation of AUTH keys.

* keyid.c (usagestr_from_pk): New.

* app-openpgp.c (app_openpgp_storekey): Call flush_cache.

* keyedit.c (keyedit_menu): New command "keytocard"
(keyedit_menu): Bad hack for the not_with_sk element.
(show_key_with_all_names): Print the usage.
(find_pk_from_sknode): New.

* card-util.c (card_store_subkey): New.
(copy_mpi): New.
* cardglue.c (agent_openpgp_storekey): New.
This commit is contained in:
Werner Koch 2004-09-23 13:32:31 +00:00
parent d937ace2f8
commit 42c18de83a
15 changed files with 589 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@ -10,8 +10,8 @@ Noteworthy changes in version 1.3.7
for smartcards.
* New command "addcardkey" in the key edit menu to add subkeys to
a smartcard. The serial number of the card is show in secret
key listings.
a smartcard. New command "keytocard" to transfer a key to a smartcard.
The serial number of the card is show in secret key listings.
* -K may now be used as an alias for --list-secret-keys.

4
doc/ChangeLog
View File

@ -1,3 +1,7 @@
2004-09-23 Werner Koch <wk@g10code.com>
* gpg.sgml: Document "addcardkey" and "keytocard".
2004-09-20 Werner Koch <wk@g10code.com>
* gpg.sgml: Document -K.

11
doc/gpg.sgml
View File

@ -414,6 +414,17 @@ Add a subkey to this key.</para></listitem></varlistentry>
<listitem><para>
Generate a key on a card and add it
to this key.</para></listitem></varlistentry>
<varlistentry>
<term>keytocard</term>
<listitem><para>
Transfer the selected secret key (or the primary key if no key has
been selected) to a smartcard. The secret key in the keyring will be
replaced by a stub if the key could be stored successfully on the card
and you use the save command later. Only certain key types may be
transferred to the card. A sub menu allows you to select on what card
to store the key. Note that it is not possible to get that key back
from the card - if the card gets broken your secret key will be lost
unless you have a backup somewhere.</para></listitem></varlistentry>
<varlistentry>
<term>delkey</term>
<listitem><para>

27
g10/ChangeLog
View File

@ -1,3 +1,30 @@
2004-09-23 Werner Koch <wk@g10code.com>
* apdu.c (open_pcsc_reader): Do not print empty reader string.
* keygen.c (ask_algo): Allow creation of AUTH keys.
* keyid.c (usagestr_from_pk): New.
* app-openpgp.c (app_openpgp_storekey): Call flush_cache.
* keyedit.c (keyedit_menu): New command "keytocard"
(keyedit_menu): Bad hack for the not_with_sk element.
(show_key_with_all_names): Print the usage.
(find_pk_from_sknode): New.
* card-util.c (card_store_subkey): New.
(copy_mpi): New.
* cardglue.c (agent_openpgp_storekey): New.
2004-09-22 Werner Koch <wk@g10code.com>
* card-util.c (card_generate_subkey, generate_card_keys): Factored
common code out to ...
(get_info_for_key_operation, check_pin_for_key_operation)
(restore_forced_chv1, replace_existing_key_p)
(show_card_key_info): ... new functions.
2004-09-21 David Shaw <dshaw@jabberwocky.com>
* mainproc.c (check_sig_and_print), keyedit.c (show_prefs,

3
g10/apdu.c
View File

@ -1119,7 +1119,8 @@ open_pcsc_reader (const char *portstr)
{
if (!*p && !p[1])
break;
log_info ("detected reader `%s'\n", p);
if (*p)
log_info ("detected reader `%s'\n", p);
if (nreader < (strlen (p)+1))
{
log_error ("invalid response from pcsc_list_readers\n");

6
g10/app-common.h
View File

@ -143,6 +143,7 @@ int app_openpgp_cardinfo (app_t app,
unsigned char **fpr1,
unsigned char **fpr2,
unsigned char **fpr3);
#endif /* GNUPG_MAJOR_VERSION != 1 */
int app_openpgp_storekey (app_t app, int keyno,
unsigned char *template, size_t template_len,
time_t created_at,
@ -153,6 +154,8 @@ int app_openpgp_storekey (app_t app, int keyno,
int app_openpgp_readkey (app_t app, int keyno,
unsigned char **m, size_t *mlen,
unsigned char **e, size_t *elen);
#if GNUPG_MAJOR_VERSION == 1
#else
/*-- app-nks.c --*/
int app_select_nks (app_t app);
@ -160,8 +163,7 @@ int app_select_nks (app_t app);
int app_select_dinsig (app_t app);
#endif
#endif /* GNUPG_MAJOR_VERSION != 1 */
#endif /*GNUPG_SCD_APP_COMMON_H*/

2
g10/app-openpgp.c
View File

@ -432,7 +432,6 @@ store_fpr (int slot, int keynumber, u32 timestamp,
*p++ = nbits;
memcpy (p, e, elen); p += elen;
log_printhex ("fprbuf:", buffer, n+3);
gcry_md_hash_buffer (GCRY_MD_SHA1, fpr, buffer, n+3);
xfree (buffer);
@ -1551,6 +1550,7 @@ app_openpgp_storekey (APP app, int keyno,
if (rc)
goto leave;
flush_cache (app);
rc = iso7816_put_data (app->slot,
(app->card_version > 0x0007? 0xE0 : 0xE9) + keyno,

496
g10/card-util.c
View File

@ -43,6 +43,39 @@
#define CONTROL_D ('D' - 'A' + 1)
#if GNUPG_MAJOR_VERSION == 1
#define GET_NBITS(a) mpi_get_nbits (a)
#else
#define GET_NBITS(a) gcry_mpi_get_nbits (a)
#endif
static int
copy_mpi (MPI a, unsigned char *buffer, size_t len, size_t *ncopied)
{
int rc;
#if GNUPG_MAJOR_VERSION == 1
unsigned char *tmp;
unsigned int n;
tmp = mpi_get_secure_buffer (a, &n, NULL);
if (n > len)
rc = G10ERR_GENERAL;
else
{
rc = 0;
memcpy (buffer, tmp, n);
*ncopied = n;
}
xfree (tmp);
#else /* GNUPG_MAJOR_VERSION != 1 */
rc = gcry_mpi_print (GCRYMPI_FMT_USG, buffer, len, ncopied, a);
#endif /* GNUPG_MAJOR_VERSION != 1 */
if (rc)
log_error ("mpi_copy failed: %s\n", gpg_strerror (rc));
return rc;
}
/* Change the PIN of a an OpenPGP card. This is an interactive
function. */
@ -749,26 +782,125 @@ toggle_forcesig (void)
}
/* Helper for the key generation/edit functions. */
static int
get_info_for_key_operation (struct agent_card_info_s *info)
{
int rc;
memset (info, 0, sizeof *info);
rc = agent_scd_getattr ("SERIALNO", info);
if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
|| strlen (info->serialno) != 32 )
{
log_error (_("key operation not possible: %s\n"),
rc ? gpg_strerror (rc) : _("not an OpenPGP card"));
return rc? rc: -1;
}
rc = agent_scd_getattr ("KEY-FPR", info);
if (!rc)
rc = agent_scd_getattr ("CHV-STATUS", info);
if (!rc)
rc = agent_scd_getattr ("DISP-NAME", info);
if (rc)
log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
return rc;
}
/* Helper for the key generation/edit functions. */
static int
check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
{
int rc = 0;
*forced_chv1 = !info->chv1_cached;
if (*forced_chv1)
{ /* Switch of the forced mode so that during key generation we
don't get bothered with PIN queries for each
self-signature. */
rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1);
if (rc)
{
log_error ("error clearing forced signature PIN flag: %s\n",
gpg_strerror (rc));
*forced_chv1 = 0;
}
}
if (!rc)
{
/* Check the PIN now, so that we won't get asked later for each
binding signature. */
rc = agent_scd_checkpin (info->serialno);
if (rc)
log_error ("error checking the PIN: %s\n", gpg_strerror (rc));
}
return rc;
}
/* Helper for the key generation/edit functions. */
static void
restore_forced_chv1 (int *forced_chv1)
{
int rc;
if (*forced_chv1)
{ /* Switch back to forced state. */
rc = agent_scd_setattr ("CHV-STATUS-1", "", 1);
if (rc)
{
log_error ("error setting forced signature PIN flag: %s\n",
gpg_strerror (rc));
}
}
}
/* Helper for the key generation/edit functions. */
static void
show_card_key_info (struct agent_card_info_s *info)
{
tty_fprintf (NULL, "Signature key ....:");
print_sha1_fpr (NULL, info->fpr1valid? info->fpr1:NULL);
tty_fprintf (NULL, "Encryption key....:");
print_sha1_fpr (NULL, info->fpr2valid? info->fpr2:NULL);
tty_fprintf (NULL, "Authentication key:");
print_sha1_fpr (NULL, info->fpr3valid? info->fpr3:NULL);
tty_printf ("\n");
}
/* Helper for the key generation/edit functions. */
static int
replace_existing_key_p (struct agent_card_info_s *info, int keyno)
{
assert (keyno >= 0 && keyno <= 3);
if ((keyno == 1 && info->fpr1valid)
|| (keyno == 2 && info->fpr2valid)
|| (keyno == 3 && info->fpr3valid))
{
tty_printf ("\n");
log_info ("WARNING: such a key has already been stored on the card!\n");
tty_printf ("\n");
if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_key",
_("Replace existing key? ")))
return -1;
}
return 0;
}
static void
generate_card_keys (const char *serialno)
{
struct agent_card_info_s info;
int rc;
int forced_chv1;
memset (&info, 0, sizeof info);
rc = agent_scd_getattr ("KEY-FPR", &info);
if (!rc)
rc = agent_scd_getattr ("SERIALNO", &info);
if (!rc)
rc = agent_scd_getattr ("CHV-STATUS", &info);
if (!rc)
rc = agent_scd_getattr ("DISP-NAME", &info);
if (rc)
{
log_error ("error getting current key info: %s\n", gpg_strerror (rc));
return;
}
if (get_info_for_key_operation (&info))
return;
if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
|| (info.fpr2valid && !fpr_is_zero (info.fpr2))
|| (info.fpr3valid && !fpr_is_zero (info.fpr3)))
@ -793,39 +925,14 @@ generate_card_keys (const char *serialno)
tty_printf ("\n");
}
forced_chv1 = !info.chv1_cached;
if (forced_chv1)
{ /* Switch of the forced mode so that during key generation we
don't get bothered with PIN queries for each
self-signature. */
rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1);
if (rc)
{
log_error ("error clearing forced signature PIN flag: %s\n",
gpg_strerror (rc));
return;
}
}
/* Check the PIN now, so that we won't get asked later for each
binding signature. */
rc = agent_scd_checkpin (serialno);
if (rc)
log_error ("error checking the PIN: %s\n", gpg_strerror (rc));
else
generate_keypair (NULL, info.serialno);
if (check_pin_for_key_operation (&info, &forced_chv1))
goto leave;
generate_keypair (NULL, info.serialno);
leave:
agent_release_card_info (&info);
if (forced_chv1)
{ /* Switch back to forced state. */
rc = agent_scd_setattr ("CHV-STATUS-1", "", 1);
if (rc)
{
log_error ("error setting forced signature PIN flag: %s\n",
gpg_strerror (rc));
return;
}
}
restore_forced_chv1 (&forced_chv1);
}
@ -837,34 +944,12 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
struct agent_card_info_s info;
int okay = 0;
int forced_chv1 = 0;
int rc;
int keyno;
memset (&info, 0, sizeof info);
rc = agent_scd_getattr ("SERIALNO", &info);
if (rc || !info.serialno || strncmp (info.serialno, "D27600012401", 12)
|| strlen (info.serialno) != 32 )
{
log_error (_("cannot generate key: %s\n"),
rc ? gpg_strerror (rc) : _("not an OpenPGP card"));
goto leave;
}
rc = agent_scd_getattr ("KEY-FPR", &info);
if (!rc)
rc = agent_scd_getattr ("CHV-STATUS", &info);
if (rc)
{
log_error ("error getting current key info: %s\n", gpg_strerror (rc));
goto leave;
}
tty_fprintf (NULL, "Signature key ....:");
print_sha1_fpr (NULL, info.fpr1valid? info.fpr1:NULL);
tty_fprintf (NULL, "Encryption key....:");
print_sha1_fpr (NULL, info.fpr2valid? info.fpr2:NULL);
tty_fprintf (NULL, "Authentication key:");
print_sha1_fpr (NULL, info.fpr3valid? info.fpr3:NULL);
tty_printf ("\n");
if (get_info_for_key_operation (&info))
return 0;
show_card_key_info (&info);
tty_printf (_("Please select the type of key to generate:\n"));
@ -889,54 +974,239 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
tty_printf(_("Invalid selection.\n"));
}
if ((keyno == 1 && info.fpr1valid)
|| (keyno == 2 && info.fpr2valid)
|| (keyno == 3 && info.fpr3valid))
{
tty_printf ("\n");
log_info ("WARNING: such a key has already been stored on the card!\n");
tty_printf ("\n");
if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_key",
_("Replace existing key? ")))
goto leave;
}
if (replace_existing_key_p (&info, keyno))
goto leave;
forced_chv1 = !info.chv1_cached;
if (forced_chv1)
{ /* Switch of the forced mode so that during key generation we
don't get bothered with PIN queries for each
self-signature. */
rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1);
if (rc)
{
log_error ("error clearing forced signature PIN flag: %s\n",
gpg_strerror (rc));
forced_chv1 = 0;
goto leave;
}
}
if (check_pin_for_key_operation (&info, &forced_chv1))
goto leave;
/* Check the PIN now, so that we won't get asked later for each
binding signature. */
rc = agent_scd_checkpin (info.serialno);
if (rc)
log_error ("error checking the PIN: %s\n", gpg_strerror (rc));
else
okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
keyno, info.serialno);
okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
keyno, info.serialno);
leave:
agent_release_card_info (&info);
if (forced_chv1)
{ /* Switch back to forced state. */
rc = agent_scd_setattr ("CHV-STATUS-1", "", 1);
if (rc)
{
log_error ("error setting forced signature PIN flag: %s\n",
gpg_strerror (rc));
return okay;
}
restore_forced_chv1 (&forced_chv1);
return okay;
}
/* Store the subkey at NODE into the smartcard and modify NODE to
carry the serrialno stuff instead of the actual secret key
parameters. */
int
card_store_subkey (KBNODE node, int use)
{
struct agent_card_info_s info;
int okay = 0;
int rc;
int keyno, i;
PKT_secret_key *copied_sk = NULL;
PKT_secret_key *sk;
size_t n;
MPI rsa_n, rsa_e, rsa_p, rsa_q;
unsigned int nbits;
unsigned char *template = NULL;
unsigned char *tp;
unsigned char m[128], e[4];
size_t mlen, elen;
const char *s;
int allow_keyno[3];
assert (node->pkt->pkttype == PKT_SECRET_KEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY);
sk = node->pkt->pkt.secret_key;
if (get_info_for_key_operation (&info))
return 0;
show_card_key_info (&info);
if (!is_RSA (sk->pubkey_algo) || nbits_from_sk (sk) != 1024 )
{
tty_printf ("You may only store a 1024 bit RSA key on the card\n");
tty_printf ("\n");
goto leave;
}
allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG)));
allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
tty_printf (_("Please select where to store the key:\n"));
if (allow_keyno[0])
tty_printf (_(" (1) Signature key\n"));
if (allow_keyno[1])
tty_printf (_(" (2) Encryption key\n"));
if (allow_keyno[2])
tty_printf (_(" (3) Authentication key\n"));
for (;;)
{
char *answer = cpr_get ("cardedit.genkeys.storekeytype",
_("Your selection? "));
cpr_kill_prompt();
if (*answer == CONTROL_D || !*answer)
{
xfree (answer);
goto leave;
}
keyno = *answer? atoi(answer): 0;
xfree(answer);
if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
break; /* Okay. */
tty_printf(_("Invalid selection.\n"));
}
if (replace_existing_key_p (&info, keyno))
goto leave;
/* Unprotect key. */
switch (is_secret_key_protected (sk) )
{
case 0: /* Not protected. */
break;
case -1:
log_error (_("unknown key protection algorithm\n"));
goto leave;
default:
if (sk->protect.s2k.mode == 1001)
{
log_error (_("secret parts of key are not available\n"));
goto leave;
}
if (sk->protect.s2k.mode == 1002)
{
log_error (_("secret key already stored on a card\n"));
goto leave;
}
/* We better copy the key before we unprotect it. */
copied_sk = sk = copy_secret_key (NULL, sk);
rc = check_secret_key (sk, 0);
if (rc)
goto leave;
}
/* Some basic checks on the key parameters. */
rsa_n = sk->skey[0];
rsa_e = sk->skey[1];
rsa_p = sk->skey[3];
rsa_q = sk->skey[4];
nbits = GET_NBITS (rsa_n);
if (nbits != 1024)
{
log_error (_("length of RSA modulus is not %d\n"), 1024);
goto leave;
}
nbits = GET_NBITS (rsa_e);
if (nbits < 2 || nbits > 32)
{
log_error (_("public exponent too large (more than 32 bits)\n"));
goto leave;
}
nbits = GET_NBITS (rsa_p);
if (nbits != 512)
{
log_error (_("length of an RSA prime is not %d\n"), 512);
goto leave;
}
nbits = GET_NBITS (rsa_q);
if (nbits != 512)
{
log_error (_("length of an RSA prime is not %d\n"), 512);
goto leave;
}
/* We need the modulus later to calculate the fingerprint. */
rc = copy_mpi (rsa_n, m, 128, &n);
if (rc)
goto leave;
assert (n == 128);
mlen = 128;
/* Build the private key template as described in section 4.3.3.6 of
the OpenPGP card specs:
0xC0 <length> public exponent
0xC1 <length> prime p
0xC2 <length> prime q
*/
template = tp = xmalloc_secure (1+2 + 1+1+4 + 1+1+(512/8) + 1+1+(512/8));
*tp++ = 0xC0;
*tp++ = 4;
rc = copy_mpi (rsa_e, tp, 4, &n);
if (rc)
goto leave;
assert (n <= 4);
memcpy (e, tp, n); /* Save a copy of the exponent for later use. */
elen = n;
if (n != 4)
{
memmove (tp+4-n, tp, 4-n);
memset (tp, 0, 4-n);
}
tp += 4;
*tp++ = 0xC1;
*tp++ = 64;
rc = copy_mpi (rsa_p, tp, 64, &n);
if (rc)
goto leave;
assert (n == 64);
tp += 64;
*tp++ = 0xC2;
*tp++ = 64;
rc = copy_mpi (rsa_q, tp, 64, &n);
if (rc)
goto leave;
assert (n == 64);
tp += 64;
assert (tp - template == 138);
rc = agent_openpgp_storekey (keyno,
template, tp - template,
sk->timestamp,
m, mlen,
e, elen);
if (rc)
goto leave;
xfree (template);
template = NULL;
/* Get back to the maybe protected original secret key. */
if (copied_sk)
{
free_secret_key (copied_sk);
copied_sk = NULL;
}
sk = node->pkt->pkt.secret_key;
/* Get rid of the secret key parameters and store the serial numer. */
n = pubkey_get_nskey (sk->pubkey_algo);
for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
{
mpi_free (sk->skey[i]);
sk->skey[i] = NULL;
}
i = pubkey_get_npkey (sk->pubkey_algo);
sk->skey[i] = mpi_set_opaque (NULL, xstrdup ("dummydata"), 10);
sk->is_protected = 1;
sk->protect.s2k.mode = 1002;
s = info.serialno;
for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
sk->protect.ivlen++, s += 2)
sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
okay = 1;
leave:
if (copied_sk)
free_secret_key (copied_sk);
xfree (template);
agent_release_card_info (&info);
return okay;
}

19
g10/cardglue.c
View File

@ -827,3 +827,22 @@ agent_scd_checkpin (const char *serialnobuf)
return app->fnc.check_pin (app, serialnobuf, pin_cb, NULL);
}
/* Wrapper to call the store key helper function of app-openpgp.c. */
int
agent_openpgp_storekey (int keyno,
unsigned char *template, size_t template_len,
time_t created_at,
const unsigned char *m, size_t mlen,
const unsigned char *e, size_t elen)
{
APP app;
app = current_app? current_app : open_card ();
if (!app)
return gpg_error (GPG_ERR_CARD);
return app_openpgp_storekey (app, keyno, template, template_len,
created_at, m, mlen, e, elen,
pin_cb, NULL);
}

6
g10/cardglue.h
View File

@ -183,6 +183,12 @@ int agent_scd_change_pin (int chvno);
/* Send a CHECKPIN command. */
int agent_scd_checkpin (const char *serialnobuf);
/* Call the store key utility command. */
int agent_openpgp_storekey (int keyno,
unsigned char *template, size_t template_len,
time_t created_at,
const unsigned char *m, size_t mlen,
const unsigned char *e, size_t elen);
#endif /*ENABLE_CARD_SUPPORT*/
#endif /*GNUPG_G10_CARDGLUE_H*/

1
g10/keydb.h
View File

@ -258,6 +258,7 @@ const char *expirestr_from_pk( PKT_public_key *pk );
const char *expirestr_from_sk( PKT_secret_key *sk );
const char *expirestr_from_sig( PKT_signature *sig );
const char *revokestr_from_pk( PKT_public_key *pk );
const char *usagestr_from_pk( PKT_public_key *pk );
const char *colon_strtime (u32 t);
const char *colon_datestr_from_pk (PKT_public_key *pk);
const char *colon_datestr_from_sk (PKT_secret_key *sk);

77
g10/keyedit.c
View File

@ -95,6 +95,34 @@ struct sign_attrib {
};
/* Given a node SEC_NODE with a secret key or subkey, locate the
corresponding public key from pub_keyblock. */
static PKT_public_key *
find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
{
KBNODE node = pub_keyblock;
PKT_secret_key *sk;
PKT_public_key *pk;
if (sec_node->pkt->pkttype == PKT_SECRET_KEY
&& node->pkt->pkttype == PKT_PUBLIC_KEY)
return node->pkt->pkt.public_key;
if (sec_node->pkt->pkttype != PKT_SECRET_SUBKEY)
return NULL;
sk = sec_node->pkt->pkt.secret_key;
for (; node; node = node->next)
if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
pk = node->pkt->pkt.public_key;
if (pk->keyid[0] == sk->keyid[0] && pk->keyid[1] == sk->keyid[1])
return pk;
}
return NULL;
}
/* TODO: Fix duplicated code between here and the check-sigs/list-sigs
code in keylist.c. */
static int
@ -1191,14 +1219,14 @@ keyedit_menu( const char *username, STRLIST locusr,
cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, cmdSETPREF, cmdUPDPREF,
cmdPREFKS, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST,
cmdADDCARDKEY,
cmdNOP };
cmdADDCARDKEY, cmdKEYTOCARD,
cmdNOP };
static struct { const char *name;
enum cmdids id;
int need_sk;
int not_with_sk;
int not_with_sk; /* but 2 == must use SK */
const char *desc;
} cmds[] = {
} cmds[] = {
{ N_("quit") , cmdQUIT , 0,0, N_("quit this menu") },
{ N_("q") , cmdQUIT , 0,0, NULL },
{ N_("save") , cmdSAVE , 0,0, N_("save and quit") },
@ -1226,7 +1254,8 @@ keyedit_menu( const char *username, STRLIST locusr,
{ N_("addkey") , cmdADDKEY , 1,1, N_("add a secondary key") },
#ifdef ENABLE_CARD_SUPPORT
{ N_("addcardkey"), cmdADDCARDKEY , 1,1, N_("add a key to a smartcard") },
#endif /* ENABLE_CARD_SUPPORT */
{ N_("keytocard"), cmdKEYTOCARD , 1,2, N_("move a key to a smartcard")},
#endif /*ENABLE_CARD_SUPPORT*/
{ N_("delkey") , cmdDELKEY , 0,1, N_("delete a secondary key") },
{ N_("addrevoker"),cmdADDREVOKER,1,1, N_("add a revocation key") },
{ N_("delsig") , cmdDELSIG , 0,1, N_("delete signatures") },
@ -1256,6 +1285,7 @@ keyedit_menu( const char *username, STRLIST locusr,
KBNODE sec_keyblock = NULL;
KEYDB_HANDLE sec_kdbhd = NULL;
KBNODE cur_keyblock;
KBNODE node;
char *answer = NULL;
int redisplay = 1;
int modified = 0;
@ -1379,7 +1409,8 @@ keyedit_menu( const char *username, STRLIST locusr,
tty_printf(_("Need the secret key to do this.\n"));
cmd = cmdNOP;
}
else if( cmds[i].not_with_sk && sec_keyblock && toggle ) {
else if( (cmds[i].not_with_sk == 1 && sec_keyblock && toggle)
||(cmds[i].not_with_sk == 2 && sec_keyblock && !toggle)) {
tty_printf(_("Please use the command \"toggle\" first.\n"));
cmd = cmdNOP;
}
@ -1543,6 +1574,38 @@ keyedit_menu( const char *username, STRLIST locusr,
merge_keys_and_selfsig( keyblock );
}
break;
case cmdKEYTOCARD:
node = NULL;
switch ( count_selected_keys (sec_keyblock) )
{
case 0:
if (cpr_get_answer_is_yes("keyedit.keytocard.use_primary",
_("Really move the primary key? ")))
node = sec_keyblock;
break;
case 1:
for (node = sec_keyblock; node; node = node->next )
{
if (node->pkt->pkttype == PKT_SECRET_SUBKEY
&& node->flag & NODFLG_SELKEY)
break;
}
break;
default:
tty_printf(_("You must select exactly one key.\n"));
break;
}
if (node)
{
PKT_public_key *xxpk = find_pk_from_sknode (keyblock, node);
if (card_store_subkey (node, xxpk?xxpk->pubkey_usage:0))
{
redisplay = 1;
sec_modified = 1;
}
}
break;
#endif /* ENABLE_CARD_SUPPORT */
case cmdDELKEY: {
@ -2176,6 +2239,8 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
tty_printf(_("expired: %s"),expirestr_from_pk(pk));
else
tty_printf(_("expires: %s"),expirestr_from_pk(pk));
tty_printf(" ");
tty_printf(_("usage: %s"),usagestr_from_pk(pk));
tty_printf("\n");
if( node->pkt->pkttype == PKT_PUBLIC_KEY )

28
g10/keygen.c
View File

@ -1177,6 +1177,14 @@ ask_algo (int addmode, unsigned int *r_usage)
tty_printf( _(" (%d) RSA (encrypt only)\n"), 5 );
if (opt.expert)
tty_printf( _(" (%d) RSA (sign and encrypt)\n"), 6 );
if (opt.expert && addmode)
tty_printf( _(" (%d) RSA (auth only)\n"), 7 );
if (opt.expert)
tty_printf( _(" (%d) RSA (sign and auth)\n"), 8 );
if (opt.expert && addmode)
tty_printf( _(" (%d) RSA (encrypt and auth)\n"), 9 );
if (opt.expert)
tty_printf( _(" (%d) RSA (sign, encrypt and auth)\n"), 10 );
for(;;) {
answer = cpr_get("keygen.algo",_("Your selection? "));
@ -1187,6 +1195,26 @@ ask_algo (int addmode, unsigned int *r_usage)
algo = 0; /* create both keys */
break;
}
else if( algo == 10 && opt.expert ) {
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break;
}
else if( algo == 9 && opt.expert && addmode) {
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH;
break;
}
else if( algo == 8 && opt.expert ) {
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break;
}
else if( algo == 7 && opt.expert && addmode) {
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_AUTH;
break;
}
else if( algo == 6 && opt.expert ) {
algo = PUBKEY_ALGO_RSA;
*r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;

29
g10/keyid.c
View File

@ -535,6 +535,35 @@ revokestr_from_pk( PKT_public_key *pk )
return mk_datestr (buffer, atime);
}
const char *
usagestr_from_pk( PKT_public_key *pk )
{
static char buffer[10];
int i = 0;
unsigned int use = pk->pubkey_usage;
if ( use & PUBKEY_USAGE_SIG )
{
if (pk->is_primary)
buffer[i++] = 'C';
buffer[i++] = 'S';
}
if ( use & PUBKEY_USAGE_ENC )
buffer[i++] = 'E';
if ( (use & PUBKEY_USAGE_AUTH) )
buffer[i++] = 'A';
while (i < 4)
buffer[i++] = ' ';
buffer[i] = 0;
return buffer;
}
const char *
colon_strtime (u32 t)
{

1
g10/main.h
View File

@ -262,6 +262,7 @@ void change_pin (int no);
void card_status (FILE *fp, char *serialno, size_t serialnobuflen);
void card_edit (STRLIST commands);
int card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock);
int card_store_subkey (KBNODE node, int use);
#endif
#endif /*G10_MAIN_H*/