mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
Fixed card key generation of gpg2.
Reveal less information about timings while generating a key.
parent
fa84b8cd82
commit
4631bc8ddf
51 changed files with 6316 additions and 5852 deletions
|
@ -1,3 +1,27 @@
|
|||
2007-07-05 Werner Koch <wk@g10code.com>
|
||||
|
||||
* card-util.c (card_generate_subkey, card_store_subkey): Enable
|
||||
the code also for GnuPG-2.
|
||||
|
||||
* keygen.c (make_backsig): Add arg TIMESTAMP.
|
||||
(write_keybinding): Add arg TIMESTAMP, pass it to make_backsig.
|
||||
(write_direct_sig, write_selfsigs): Add arg TIMESTAMP.
|
||||
(gen_elg, gen_dsa, gen_rsa): Add arg TIMESTAMP.
|
||||
(do_create): Ditto.
|
||||
(do_generate_keypair): Use the same timestamp for key creation
|
||||
time and all key signatures. Return an error if write_direct_sig
|
||||
for the secret key fails.
|
||||
(generate_subkeypair): Ditto.
|
||||
(gen_card_key): New arg TIMESTAMP.
|
||||
(generate_card_subkeypair): Pass current time to gen_card_key.
|
||||
(gen_card_key_with_backup): New arg TIMESTAMP.
|
||||
(read_parameter_file): Add option Creation-Date.
|
||||
(parse_creation_string): New.
|
||||
(do_generate_keypair): Use the Creation-Date if available.
|
||||
(save_unprotected_key_to_card): Use P for P and not D.
|
||||
* call-agent.c (agent_scd_genkey): Add arg CREATETIME.
|
||||
* keyedit.c (menu_backsign): Use the same timestamp for all backsigs.
|
||||
|
||||
2007-06-26 Werner Koch <wk@g10code.com>
|
||||
|
||||
* openfile.c (try_make_homedir): Support W32; use standard_homedir.
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* call-agent.c - divert operations to the agent
|
||||
* Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc.
|
||||
* Copyright (C) 2001, 2002, 2003, 2006, 2007 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
|
@ -498,21 +498,32 @@ scd_genkey_cb (void *opaque, const char *line)
|
|||
}
|
||||
|
||||
/* Send a GENKEY command to the SCdaemon. SERIALNO is not used in
|
||||
this implementation. */
|
||||
this implementation. If CREATEDATE has been given, it will be
|
||||
passed to SCDAEMON so that the key can be created with this
|
||||
timestamp; note the user needs to use the returned timestamp as old
|
||||
versions of scddaemon don't support this option. */
|
||||
int
|
||||
agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
|
||||
const char *serialno)
|
||||
const char *serialno, u32 createtime)
|
||||
{
|
||||
int rc;
|
||||
char line[ASSUAN_LINELENGTH];
|
||||
gnupg_isotime_t tbuf;
|
||||
|
||||
rc = start_agent ();
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
if (createtime)
|
||||
epoch2isotime (tbuf, createtime);
|
||||
else
|
||||
*tbuf = 0;
|
||||
|
||||
memset (info, 0, sizeof *info);
|
||||
snprintf (line, DIM(line)-1, "SCD GENKEY %s%d",
|
||||
force? "--force ":"", keyno);
|
||||
snprintf (line, DIM(line)-1, "SCD GENKEY %s%s %s %d",
|
||||
*tbuf? "--timestamp=":"", tbuf,
|
||||
force? "--force":"",
|
||||
keyno);
|
||||
line[DIM(line)-1] = 0;
|
||||
|
||||
memset (info, 0, sizeof *info);
|
||||
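Review bot: The new header comment on agent_scd_genkey refers to CREATEDATE, but the parameter added to the signature is `createtime`, and "scddaemon" should read "scdaemon". This comment is the only place the fallback contract is stated, so it should name the argument correctly and say that a value of 0 sends no `--timestamp=` option (the `if (createtime) … else *tbuf = 0;` branch). It also makes callers responsible for using the timestamp returned by the card rather than the one they passed in. Those callers are in g10/keygen.c, whose diff is suppressed on this page, so that could not be confirmed here. The function body continues past the end of the hunk.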
|
|
|
@ -82,7 +82,7 @@ int agent_scd_writekey (int keyno, const char *serialno,
|
|||
|
||||
/* Send a GENKEY command to the SCdaemon. */
|
||||
int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
|
||||
const char *serialno);
|
||||
const char *serialno, u32 createtime);
|
||||
|
||||
/* Send a PKSIGN command to the SCdaemon. */
|
||||
int agent_scd_pksign (const char *keyid, int hashalgo,
|
||||
|
|
|
@ -999,7 +999,7 @@ restore_forced_chv1 (int *forced_chv1)
|
|||
}
|
||||
}
|
||||
|
||||
#if GNUPG_MAJOR_VERSION == 1
|
||||
|
||||
/* Helper for the key generation/edit functions. */
|
||||
static void
|
||||
show_card_key_info (struct agent_card_info_s *info)
|
||||
|
@ -1012,9 +1012,8 @@ show_card_key_info (struct agent_card_info_s *info)
|
|||
print_sha1_fpr (NULL, info->fpr3valid? info->fpr3:NULL);
|
||||
tty_printf ("\n");
|
||||
}
|
||||
#endif
|
||||
|
||||
#if GNUPG_MAJOR_VERSION == 1
|
||||
|
||||
/* Helper for the key generation/edit functions. */
|
||||
static int
|
||||
replace_existing_key_p (struct agent_card_info_s *info, int keyno)
|
||||
|
@ -1034,7 +1033,6 @@ replace_existing_key_p (struct agent_card_info_s *info, int keyno)
|
|||
}
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
static void
|
||||
|
@ -1104,7 +1102,6 @@ generate_card_keys (const char *serialno)
|
|||
int
|
||||
card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
|
||||
{
|
||||
#if GNUPG_MAJOR_VERSION == 1
|
||||
struct agent_card_info_s info;
|
||||
int okay = 0;
|
||||
int forced_chv1 = 0;
|
||||
|
@ -1151,9 +1148,6 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
|
|||
agent_release_card_info (&info);
|
||||
restore_forced_chv1 (&forced_chv1);
|
||||
return okay;
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
|
@ -1164,7 +1158,6 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
|
|||
int
|
||||
card_store_subkey (KBNODE node, int use)
|
||||
{
|
||||
#if GNUPG_MAJOR_VERSION == 1
|
||||
struct agent_card_info_s info;
|
||||
int okay = 0;
|
||||
int rc;
|
||||
|
@ -1266,7 +1259,7 @@ card_store_subkey (KBNODE node, int use)
|
|||
n = pubkey_get_nskey (sk->pubkey_algo);
|
||||
for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
|
||||
{
|
||||
mpi_free (sk->skey[i]);
|
||||
gcry_mpi_release (sk->skey[i]);
|
||||
sk->skey[i] = NULL;
|
||||
}
|
||||
i = pubkey_get_npkey (sk->pubkey_algo);
|
||||
|
@ -1285,9 +1278,6 @@ card_store_subkey (KBNODE node, int use)
|
|||
free_secret_key (copied_sk);
|
||||
agent_release_card_info (&info);
|
||||
return okay;
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
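Review bot: In the card_store_subkey hunk, the loop over `sk->skey[i]` from `pubkey_get_npkey` to `pubkey_get_nskey` discards secret key parameters, and it now calls `gcry_mpi_release` instead of `mpi_free`. Whether the limbs are wiped on release then depends on libgcrypt and on these MPIs having been allocated in secure memory, which is not visible in the hunk. A short comment above the loop would record that assumption, for example `/* Secret parameters: expected to be secure-memory MPIs so that release wipes them. */`. card_store_subkey starts and ends outside this hunk.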
|
|
|
@ -3652,6 +3652,7 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
|
|||
PKT_public_key *main_pk;
|
||||
PKT_secret_key *main_sk,*sub_sk=NULL;
|
||||
KBNODE node;
|
||||
u32 timestamp;
|
||||
|
||||
assert(pub_keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
|
||||
assert(sec_keyblock->pkt->pkttype==PKT_SECRET_KEY);
|
||||
|
@ -3661,6 +3662,10 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
|
|||
main_sk=copy_secret_key(NULL,sec_keyblock->pkt->pkt.secret_key);
|
||||
keyid_from_pk(main_pk,NULL);
|
||||
|
||||
/* We use the same timestamp for all backsigs so that we don't
|
||||
reveal information about the used machine. */
|
||||
timestamp = make_timestamp ();
|
||||
|
||||
for(node=pub_keyblock;node;node=node->next)
|
||||
{
|
||||
PKT_public_key *sub_pk=NULL;
|
||||
|
@ -3748,7 +3753,8 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
|
|||
set_next_passphrase(passphrase);
|
||||
xfree(passphrase);
|
||||
|
||||
rc=make_backsig(sig_pk->pkt->pkt.signature,main_pk,sub_pk,sub_sk);
|
||||
rc = make_backsig (sig_pk->pkt->pkt.signature, main_pk, sub_pk, sub_sk,
|
||||
timestamp);
|
||||
if(rc==0)
|
||||
{
|
||||
PKT_signature *newsig;
|
||||
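Review bot: The comment added before `timestamp = make_timestamp ();` in menu_backsign says only that differing timestamps would "reveal information about the used machine". It would help the next maintainer to say what leaks, for example `/* Use one timestamp for all backsigs; per-signature times would show how long each signing step took on this machine. */`. The new call `rc = make_backsig (…, timestamp);` also uses GNU spacing, while the neighbouring `if(rc==0)` and `xfree(passphrase);` keep the file's compact style, so one of the two styles should be chosen. menu_backsign's body starts and ends outside these hunks.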
|
|
1789
g10/keygen.c
1789
g10/keygen.c
File diff suppressed because it is too large
|
@ -198,7 +198,8 @@ int keygen_add_keyserver_url(PKT_signature *sig, void *opaque);
|
|||
int keygen_add_notations(PKT_signature *sig,void *opaque);
|
||||
int keygen_add_revkey(PKT_signature *sig, void *opaque);
|
||||
int make_backsig(PKT_signature *sig,PKT_public_key *pk,
|
||||
PKT_public_key *sub_pk,PKT_secret_key *sub_sk);
|
||||
PKT_public_key *sub_pk,PKT_secret_key *sub_sk,
|
||||
u32 timestamp);
|
||||
int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
||||
#ifdef ENABLE_CARD_SUPPORT
|
||||
int generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
|
||||
|
|