From 6bc7318ef55017e1aca6e52899fd0b223da7cfc1 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 11 Feb 2020 14:58:17 +0100 Subject: [PATCH] card: First code to actually create openpgp keys. * tools/gpg-card.c (generate_all_openpgp_card_keys): Add demo key generation. (generate_key): Allow generatiing one OpenPGP key. -- This does now allows to create a single OpenPGP key optioanlly with a specified parameter. For example to create an auth key: gpg-card generate --algo=ed25519 OPENPGP.3 Using option --force will overwrite and already existing key. scdaemon does here take care of swicthing the key attributes before generating the key. TODO: We need to add some more stuff to app-openpgp so that the user is not annoyed by beeing asked to enter the Admin-PIN twice (change the key attributes clear the verification state). gpg's key generation also needs some tweaks for using an existing card key which has no key stub in private-keys-v1.d. Signed-off-by: Werner Koch
---
 tools/gpg-card.c | 18 ++----------------
 tools/gpg-card.h | 2 +-
 2 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/tools/gpg-card.c b/tools/gpg-card.c
index 3d87e2ef2..902c4932a 100644
--- a/tools/gpg-card.c
+++ b/tools/gpg-card.c
@@ -2140,7 +2140,7 @@ generate_all_openpgp_card_keys (card_info_t info, char **algos)
 * tell gpg to use them to create the OpenPGP keyblock. */
 /* generate_keypair (ctrl, 1, NULL, info.serialno, want_backup); */
 (void)want_backup;
- err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ err = scd_genkey ("OPENPGP.1", 1, NULL, NULL);
 leave:
 restore_forced_chv1 (&forced_chv1);
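Review bot: The new call `scd_genkey ("OPENPGP.1", 1, NULL, NULL)` in generate_all_openpgp_card_keys hard-codes the first key slot and force=1, so the `algos` argument and the `want_backup` request are both ignored and any key already in that slot is replaced without a check in the visible lines. The function starts and ends outside the hunk, so an earlier confirmation prompt may exist, but nothing next to the call marks it as the demo that the commit message describes. I would add a comment above it such as `/* FIXME: demo only - creates just OPENPGP.1, ignores ALGOS and WANT_BACKUP, and always overwrites. */` and return an error when `algos` is non-NULL or a backup was requested, rather than dropping those requests silently.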
@@ -2172,22 +2172,8 @@ generate_key (card_info_t info, const char *keyref, int force,
 err = ask_replace_keys (NULL);
 if (err)
 goto leave;
+ force = 1;
 }
-
- log_debug ("current algo is: %s\n", kinfo->keyalgo);
- if (algo)
- {
- log_debug ("setting algo to: %s\n", algo);
- /* OpenPGP cards require us to set the key attributes prior
- * to generation because the generate command does not take
- * key attributes. Actually this should be hidden by
- * scd/app-openpgp but that is not the case. */
-
-
-
- }
- goto leave;
- /* err = generate_openpgp (info); */
 }
 err = scd_genkey (keyref, force, algo, NULL);
diff --git a/tools/gpg-card.h b/tools/gpg-card.h
index 5d75c2bb9..391241686 100644
--- a/tools/gpg-card.h
+++ b/tools/gpg-card.h
@@ -1,5 +1,5 @@
 /* gpg-card.h - Common definitions for the gpg-card-tool
- * Copyright (C) 2019 g10 Code GmbH
+ * Copyright (C) 2019, 2020 g10 Code GmbH
 *
 * This file is part of GnuPG.
 *
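Review bot: `force = 1;` in generate_key turns the user's answer to `ask_replace_keys` into an overwrite flag for `scd_genkey`, but the prompt is based on the `info` snapshot while the forced call, as far as the hunk shows, carries only `keyref`. If a different card is inserted between the prompt and the call, the overwrite could apply to a key the user never confirmed. Confirm that scd_genkey pins the card, or compare the card's serial number with `info` before the forced call. A comment on the assignment would also help, for example `/* User confirmed replacement; allow scdaemon to overwrite the existing key. */`. The function body starts before and continues past this hunk.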