mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-24 15:17:02 +01:00
gpg: Delete secret key after "keytocard".
* g10/card-util.c (card_store_subkey): Add arg processed_keys. * g10/keyedit.c (keyedit_menu): Delete secret key. -- This used to work using the gpg-agent: learn we called at "save" time. However, the recent change inhibited the creation of a shadow key by learn if a regular key still exists. Now we do an explicit delete key at save time. This syncs the behaviour with the description of the man page. GnuPG-bug-id: 6378
This commit is contained in:
parent
2630872cff
commit
706d557a64
@ -1734,12 +1734,13 @@ card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Store the key at NODE into the smartcard and modify NODE to
|
/* Store the key at NODE into the smartcard and modify NODE to carry
|
||||||
carry the serialno stuff instead of the actual secret key
|
the serialno stuff instead of the actual secret key parameters.
|
||||||
parameters. USE is the usage for that key; 0 means any
|
USE is the usage for that key; 0 means any usage. If
|
||||||
usage. */
|
PROCESSED_KEYS is not NULL it is a poiter to an strlist which will
|
||||||
|
be filled with the keygrips of successfully stored keys. */
|
||||||
int
|
int
|
||||||
card_store_subkey (KBNODE node, int use)
|
card_store_subkey (KBNODE node, int use, strlist_t *processed_keys)
|
||||||
{
|
{
|
||||||
struct agent_card_info_s info;
|
struct agent_card_info_s info;
|
||||||
int okay = 0;
|
int okay = 0;
|
||||||
@ -1828,7 +1829,11 @@ card_store_subkey (KBNODE node, int use)
|
|||||||
if (rc)
|
if (rc)
|
||||||
log_error (_("KEYTOCARD failed: %s\n"), gpg_strerror (rc));
|
log_error (_("KEYTOCARD failed: %s\n"), gpg_strerror (rc));
|
||||||
else
|
else
|
||||||
okay = 1;
|
{
|
||||||
|
okay = 1;
|
||||||
|
if (processed_keys)
|
||||||
|
add_to_strlist (processed_keys, hexgrip);
|
||||||
|
}
|
||||||
xfree (hexgrip);
|
xfree (hexgrip);
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
|
@ -1416,6 +1416,8 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
|||||||
int sec_shadowing = 0;
|
int sec_shadowing = 0;
|
||||||
int run_subkey_warnings = 0;
|
int run_subkey_warnings = 0;
|
||||||
int have_commands = !!commands;
|
int have_commands = !!commands;
|
||||||
|
strlist_t delseckey_list = NULL;
|
||||||
|
int delseckey_list_warn = 0;
|
||||||
|
|
||||||
if (opt.command_fd != -1)
|
if (opt.command_fd != -1)
|
||||||
;
|
;
|
||||||
@ -1492,6 +1494,14 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
|||||||
subkey_expire_warning (keyblock);
|
subkey_expire_warning (keyblock);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (delseckey_list_warn)
|
||||||
|
{
|
||||||
|
delseckey_list_warn = 0;
|
||||||
|
tty_printf
|
||||||
|
(_("Note: the local copy of the secret key"
|
||||||
|
" will only be deleted with \"save\".\n"));
|
||||||
|
}
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
xfree (answer);
|
xfree (answer);
|
||||||
@ -1823,10 +1833,12 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
|||||||
if (node)
|
if (node)
|
||||||
{
|
{
|
||||||
PKT_public_key *xxpk = node->pkt->pkt.public_key;
|
PKT_public_key *xxpk = node->pkt->pkt.public_key;
|
||||||
if (card_store_subkey (node, xxpk ? xxpk->pubkey_usage : 0))
|
if (card_store_subkey (node, xxpk ? xxpk->pubkey_usage : 0,
|
||||||
|
&delseckey_list))
|
||||||
{
|
{
|
||||||
redisplay = 1;
|
redisplay = 1;
|
||||||
sec_shadowing = 1;
|
sec_shadowing = 1;
|
||||||
|
delseckey_list_warn = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1903,7 +1915,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
|||||||
pkt->pkttype = PKT_PUBLIC_KEY;
|
pkt->pkttype = PKT_PUBLIC_KEY;
|
||||||
|
|
||||||
/* Ask gpg-agent to store the secret key to card. */
|
/* Ask gpg-agent to store the secret key to card. */
|
||||||
if (card_store_subkey (node, 0))
|
if (card_store_subkey (node, 0, NULL))
|
||||||
{
|
{
|
||||||
redisplay = 1;
|
redisplay = 1;
|
||||||
sec_shadowing = 1;
|
sec_shadowing = 1;
|
||||||
@ -2204,6 +2216,27 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (delseckey_list)
|
||||||
|
{
|
||||||
|
strlist_t sl;
|
||||||
|
for (err = 0, sl = delseckey_list; sl; sl = sl->next)
|
||||||
|
{
|
||||||
|
if (*sl->d)
|
||||||
|
{
|
||||||
|
err = agent_delete_key (ctrl, sl->d, NULL, 1/*force*/);
|
||||||
|
if (err)
|
||||||
|
break;
|
||||||
|
*sl->d = 0; /* Mark deleted. */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
log_error (_("deleting copy of secret key failed: %s\n"),
|
||||||
|
gpg_strerror (err));
|
||||||
|
break; /* the "save". */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (sec_shadowing)
|
if (sec_shadowing)
|
||||||
{
|
{
|
||||||
err = agent_scd_learn (NULL, 1);
|
err = agent_scd_learn (NULL, 1);
|
||||||
@ -2233,6 +2266,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
|||||||
} /* End of the main command loop. */
|
} /* End of the main command loop. */
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
|
free_strlist (delseckey_list);
|
||||||
release_kbnode (keyblock);
|
release_kbnode (keyblock);
|
||||||
keydb_release (kdbhd);
|
keydb_release (kdbhd);
|
||||||
xfree (answer);
|
xfree (answer);
|
||||||
|
@ -506,7 +506,7 @@ void change_pin (int no, int allow_admin);
|
|||||||
void card_status (ctrl_t ctrl, estream_t fp, const char *serialno);
|
void card_status (ctrl_t ctrl, estream_t fp, const char *serialno);
|
||||||
void card_edit (ctrl_t ctrl, strlist_t commands);
|
void card_edit (ctrl_t ctrl, strlist_t commands);
|
||||||
gpg_error_t card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock);
|
gpg_error_t card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock);
|
||||||
int card_store_subkey (KBNODE node, int use);
|
int card_store_subkey (KBNODE node, int use, strlist_t *processed_keys);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
|
#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
|
||||||
|
Loading…
x
Reference in New Issue
Block a user