mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-07 23:27:48 +02:00
sm: Fix certificate creation with key on card.
* sm/certreqgen.c (create_request): Fix for certmode.
--
When using an existing key from a card for certificate signing (in
contrast to the default of generating a CSR), the code tried to use
the same key for signing instead of the Signing-Key parameter. It is
perfectly okay to use the regular signing path via gpg-agent for
certificate creation - only self-signed certificates with a key on the
card require the direct use of the card key (via "SCD PKSIGN").
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c1000c6738
)
This commit is contained in:
parent
0a95b15381
commit
54c56230e3
|
@ -1312,7 +1312,7 @@ create_request (ctrl_t ctrl,
|
|||
log_info ("about to sign the %s for key: &%s\n",
|
||||
certmode? "certificate":"CSR", hexgrip);
|
||||
|
||||
if (carddirect)
|
||||
if (carddirect && !certmode)
|
||||
rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
|
||||
gcry_md_read (md, mdalgo),
|
||||
gcry_md_get_algo_dlen (mdalgo),
|
||||
|
|
Loading…
Reference in New Issue
Block a user