card: First code to actually create openpgp keys.

* tools/gpg-card.c (generate_all_openpgp_card_keys): Add demo key
generation.
(generate_key): Allow generating one OpenPGP key.
--

This now allows creating a single OpenPGP key, optionally with a
specified parameter.  For example to create an auth key:

  gpg-card generate --algo=ed25519 OPENPGP.3

Using option --force will overwrite an already existing key.
scdaemon does here take care of switching the key attributes before
generating the key.

TODO: We need to add some more stuff to app-openpgp so that the user
is not annoyed by being asked to enter the Admin-PIN twice (changing
the key attributes clears the verification state).  gpg's key
generation also needs some tweaks for using an existing card key which
has no key stub in private-keys-v1.d.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2020-02-11 14:58:17 +01:00
parent 323548acd9
commit 6bc7318ef5
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 3 additions and 17 deletions


@ -2140,7 +2140,7 @@ generate_all_openpgp_card_keys (card_info_t info, char **algos)
* tell gpg to use them to create the OpenPGP keyblock. */
/* generate_keypair (ctrl, 1, NULL, info.serialno, want_backup); */
(void)want_backup;
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
err = scd_genkey ("OPENPGP.1", 1, NULL, NULL);
leave:
restore_forced_chv1 (&forced_chv1);
@ -2172,22 +2172,8 @@ generate_key (card_info_t info, const char *keyref, int force,
err = ask_replace_keys (NULL);
if (err)
goto leave;
force = 1;
}
log_debug ("current algo is: %s\n", kinfo->keyalgo);
if (algo)
{
log_debug ("setting algo to: %s\n", algo);
/* OpenPGP cards require us to set the key attributes prior
* to generation because the generate command does not take
* key attributes. Actually this should be hidden by
* scd/app-openpgp but that is not the case. */
}
goto leave;
/* err = generate_openpgp (info); */
}
err = scd_genkey (keyref, force, algo, NULL);
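Review bot: In generate_all_openpgp_card_keys the new call `err = scd_genkey ("OPENPGP.1", 1, NULL, NULL);` hard-codes force=1 and a single key reference, so an existing signing key on the card is replaced unconditionally, the `algos` argument is never consulted, and `want_backup` is still discarded. Whether the user was asked to confirm replacement earlier in that function is not visible in this hunk; if not, force should only be set after `ask_replace_keys` has succeeded, the way generate_key does it in the second hunk. A comment above the call such as `/* FIXME: Demo only - creates just OPENPGP.1 and ignores ALGOS and WANT_BACKUP. */` would keep the placeholder from being read as finished behaviour. Both function bodies start and end outside the visible hunks.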


@ -1,5 +1,5 @@
/* gpg-card.h - Common definitions for the gpg-card-tool
* Copyright (C) 2019 g10 Code GmbH
* Copyright (C) 2019, 2020 g10 Code GmbH
*
* This file is part of GnuPG.
*