security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-12 22:11:29 +02:00
Code Activity

scd:piv: Support listing of retired keys with KEYINFO.

Browse Source 
* scd/app-piv.c (data_objects): Mark returned key as having a keypair.
(do_with_keygrip): Check against encrusage and not used one tag.

* tools/gpg-card.c (piv_keyref_is_retired): New.
(list_all_kinfo): Pretty print retired keys.
--

This allows to list all existing retired keys without using separate
readkey commands.
This commit is contained in:
Werner Koch 2024-05-06 09:48:20 +02:00
parent 467239dccb
commit 473f37a53e
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 47 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/gpg-card.texi
View File

@ -546,7 +546,7 @@ be printed; to create a new key anyway the option @samp{--force} can be
used. Note that only the private and public keys have been created used. Note that only the private and public keys have been created
but no certificates are stored in the key slots. In fact, GnuPG uses but no certificates are stored in the key slots. In fact, GnuPG uses
its own non-standard method to store just the public key in place of its own non-standard method to store just the public key in place of
the the certificate. Other application will not be able to make use the certificate. Other application will not be able to make use
these keys until @command{gpgsm} or another tool has been used to these keys until @command{gpgsm} or another tool has been used to
create and store the respective certificates. Let us see what the create and store the respective certificates. Let us see what the
list command now shows: list command now shows:

42
scd/app-piv.c
View File

@ -128,45 +128,45 @@ static struct data_object_s data_objects[] = {
"Discovery Object" }, "Discovery Object" },
{ 0x5FC10C, 0, 0,1, 0,0, 0, "", "2.96.96", NULL, { 0x5FC10C, 0, 0,1, 0,0, 0, "", "2.96.96", NULL,
"Key History Object" }, "Key History Object" },
{ 0x5FC10D, 0, 0,1, 0,0, 0, "82", "2.16.1", "e", { 0x5FC10D, 0, 0,1, 0,0, 1, "82", "2.16.1", "e",
"Retired Cert Key Mgm 1" }, "Retired Cert Key Mgm 1" },
{ 0x5FC10E, 0, 0,1, 0,0, 0, "83", "2.16.2", "e", { 0x5FC10E, 0, 0,1, 0,0, 1, "83", "2.16.2", "e",
"Retired Cert Key Mgm 2" }, "Retired Cert Key Mgm 2" },
{ 0x5FC10F, 0, 0,1, 0,0, 0, "84", "2.16.3", "e", { 0x5FC10F, 0, 0,1, 0,0, 1, "84", "2.16.3", "e",
"Retired Cert Key Mgm 3" }, "Retired Cert Key Mgm 3" },
{ 0x5FC110, 0, 0,1, 0,0, 0, "85", "2.16.4", "e", { 0x5FC110, 0, 0,1, 0,0, 1, "85", "2.16.4", "e",
"Retired Cert Key Mgm 4" }, "Retired Cert Key Mgm 4" },
{ 0x5FC111, 0, 0,1, 0,0, 0, "86", "2.16.5", "e", { 0x5FC111, 0, 0,1, 0,0, 1, "86", "2.16.5", "e",
"Retired Cert Key Mgm 5" }, "Retired Cert Key Mgm 5" },
{ 0x5FC112, 0, 0,1, 0,0, 0, "87", "2.16.6", "e", { 0x5FC112, 0, 0,1, 0,0, 1, "87", "2.16.6", "e",
"Retired Cert Key Mgm 6" }, "Retired Cert Key Mgm 6" },
{ 0x5FC113, 0, 0,1, 0,0, 0, "88", "2.16.7", "e", { 0x5FC113, 0, 0,1, 0,0, 1, "88", "2.16.7", "e",
"Retired Cert Key Mgm 7" }, "Retired Cert Key Mgm 7" },
{ 0x5FC114, 0, 0,1, 0,0, 0, "89", "2.16.8", "e", { 0x5FC114, 0, 0,1, 0,0, 1, "89", "2.16.8", "e",
"Retired Cert Key Mgm 8" }, "Retired Cert Key Mgm 8" },
{ 0x5FC115, 0, 0,1, 0,0, 0, "8A", "2.16.9", "e", { 0x5FC115, 0, 0,1, 0,0, 1, "8A", "2.16.9", "e",
"Retired Cert Key Mgm 9" }, "Retired Cert Key Mgm 9" },
{ 0x5FC116, 0, 0,1, 0,0, 0, "8B", "2.16.10", "e", { 0x5FC116, 0, 0,1, 0,0, 1, "8B", "2.16.10", "e",
"Retired Cert Key Mgm 10" }, "Retired Cert Key Mgm 10" },
{ 0x5FC117, 0, 0,1, 0,0, 0, "8C", "2.16.11", "e", { 0x5FC117, 0, 0,1, 0,0, 1, "8C", "2.16.11", "e",
"Retired Cert Key Mgm 11" }, "Retired Cert Key Mgm 11" },
{ 0x5FC118, 0, 0,1, 0,0, 0, "8D", "2.16.12", "e", { 0x5FC118, 0, 0,1, 0,0, 1, "8D", "2.16.12", "e",
"Retired Cert Key Mgm 12" }, "Retired Cert Key Mgm 12" },
{ 0x5FC119, 0, 0,1, 0,0, 0, "8E", "2.16.13", "e", { 0x5FC119, 0, 0,1, 0,0, 1, "8E", "2.16.13", "e",
"Retired Cert Key Mgm 13" }, "Retired Cert Key Mgm 13" },
{ 0x5FC11A, 0, 0,1, 0,0, 0, "8F", "2.16.14", "e", { 0x5FC11A, 0, 0,1, 0,0, 1, "8F", "2.16.14", "e",
"Retired Cert Key Mgm 14" }, "Retired Cert Key Mgm 14" },
{ 0x5FC11B, 0, 0,1, 0,0, 0, "90", "2.16.15", "e", { 0x5FC11B, 0, 0,1, 0,0, 1, "90", "2.16.15", "e",
"Retired Cert Key Mgm 15" }, "Retired Cert Key Mgm 15" },
{ 0x5FC11C, 0, 0,1, 0,0, 0, "91", "2.16.16", "e", { 0x5FC11C, 0, 0,1, 0,0, 1, "91", "2.16.16", "e",
"Retired Cert Key Mgm 16" }, "Retired Cert Key Mgm 16" },
{ 0x5FC11D, 0, 0,1, 0,0, 0, "92", "2.16.17", "e", { 0x5FC11D, 0, 0,1, 0,0, 1, "92", "2.16.17", "e",
"Retired Cert Key Mgm 17" }, "Retired Cert Key Mgm 17" },
{ 0x5FC11E, 0, 0,1, 0,0, 0, "93", "2.16.18", "e", { 0x5FC11E, 0, 0,1, 0,0, 1, "93", "2.16.18", "e",
"Retired Cert Key Mgm 18" }, "Retired Cert Key Mgm 18" },
{ 0x5FC11F, 0, 0,1, 0,0, 0, "94", "2.16.19", "e", { 0x5FC11F, 0, 0,1, 0,0, 1, "94", "2.16.19", "e",
"Retired Cert Key Mgm 19" }, "Retired Cert Key Mgm 19" },
{ 0x5FC120, 0, 0,1, 0,0, 0, "95", "2.16.20", "e", { 0x5FC120, 0, 0,1, 0,0, 1, "95", "2.16.20", "e",
"Retired Cert Key Mgm 20" }, "Retired Cert Key Mgm 20" },
{ 0x5FC121, 0, 2,2, 0,0, 0, "", "2.16.21", NULL, { 0x5FC121, 0, 2,2, 0,0, 0, "", "2.16.21", NULL,
"Cardholder Iris Images" }, "Cardholder Iris Images" },
@ -3543,7 +3543,7 @@ do_with_keygrip (app_t app, ctrl_t ctrl, int action,
} }
if (capability == GCRY_PK_USAGE_ENCR) if (capability == GCRY_PK_USAGE_ENCR)
{ {
if (strcmp (data_objects[i].keyref, "9D")) if (strcmp (data_objects[i].usage, "e"))
continue; continue;
} }
if (capability == GCRY_PK_USAGE_AUTH) if (capability == GCRY_PK_USAGE_AUTH)

28
tools/gpg-card.c
View File

@ -836,6 +836,21 @@ list_one_kinfo (card_info_t info, key_info_t kinfo,
} }
/* Return the retired key number if KEYREF is for a retired key; 0 if
* not. */
static int
piv_keyref_is_retired (const char *keyref)
{
if (!strncmp (keyref, "PIV.8", 5)
&& keyref[5] >= '2' && hexdigitp (keyref + 5))
return xtoi_1 (keyref+5) - 1;
else if (!strncmp (keyref, "PIV.9", 5)
&& keyref[5] >= '0' && keyref[5] <= '5')
return atoi_1 (keyref+5) + 15;
else
return 0;
}
/* List all keyinfo in INFO using the list of LABELS. */ /* List all keyinfo in INFO using the list of LABELS. */
static void static void
list_all_kinfo (card_info_t info, keyinfolabel_t labels, estream_t fp, list_all_kinfo (card_info_t info, keyinfolabel_t labels, estream_t fp,
@ -843,6 +858,7 @@ list_all_kinfo (card_info_t info, keyinfolabel_t labels, estream_t fp,
{ {
key_info_t kinfo; key_info_t kinfo;
int idx, i, j; int idx, i, j;
int rn;
/* Print the keyinfo. We first print those we known and then all /* Print the keyinfo. We first print those we known and then all
* remaining item. */ * remaining item. */
@ -864,9 +880,15 @@ list_all_kinfo (card_info_t info, keyinfolabel_t labels, estream_t fp,
{ {
if (kinfo->xflag) if (kinfo->xflag)
continue; continue;
tty_fprintf (fp, "Key %s", kinfo->keyref); if (info->apptype == APP_TYPE_PIV
for (i=4+strlen (kinfo->keyref), j=0; i < 18; i++, j=1) && (rn = piv_keyref_is_retired (kinfo->keyref)))
tty_fprintf (fp, j? ".":" "); tty_fprintf (fp, "Key retired %2d ...", rn);
else
{
tty_fprintf (fp, "Key %s", kinfo->keyref);
for (i=4+strlen (kinfo->keyref), j=0; i < 18; i++, j=1)
tty_fprintf (fp, j? ".":" ");
}
tty_fprintf (fp, ":"); tty_fprintf (fp, ":");
list_one_kinfo (info, kinfo, NULL, fp, no_key_lookup, create_shadow); list_one_kinfo (info, kinfo, NULL, fp, no_key_lookup, create_shadow);
} }