security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-14 08:13:25 +02:00
Code Activity

scd:p15: Return labels for keys and certificates.

Browse Source 
* scd/app-p15.c (send_certinfo): Extend certinfo.
(do_getattr): Support KEY-LABEL.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2021-03-30 17:25:24 +02:00
parent 651c07a730
commit 7f91263632
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 71 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
doc/DETAILS
View File

@ -1208,6 +1208,23 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
info available. The format is the usual ISO string or a number info available. The format is the usual ISO string or a number
with the seconds since Epoch. <algostr> is the algorithm or curve with the seconds since Epoch. <algostr> is the algorithm or curve
this key uses (e.g. "rsa2048") or a "-" if not known. this key uses (e.g. "rsa2048") or a "-" if not known.
*** CERTINFO <certtype> <certref> [<label>]
This status is mettited for X.509 certifcates.
CERTTYPE is a number indicating the type of the certificate:
0 := Unknown
100 := Regular X.509 cert
101 := Trusted X.509 cert
102 := Useful X.509 cert
110 := Root CA cert in a special format (e.g. DINSIG)
111 := Root CA cert as standard X509 cert
CERTREF identifies the certificate uniquely on the card and may be
used to match it with a key's KEYREF. LABEL is an optional human
readable decription of the certificate; it won't have any space in
it and is percent encoded.
*** MANUFACTURER <n> [<string>] *** MANUFACTURER <n> [<string>]
This status returns the Manufactorer ID as the unsigned number N. This status returns the Manufactorer ID as the unsigned number N.
@ -1229,12 +1246,17 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
OPENPGP.129) and <string> is the algoritm or curve name, which OPENPGP.129) and <string> is the algoritm or curve name, which
is available for the key. is available for the key.
*** KEY-TIME <keyref> <timestamp> *** KEY-TIME <n> <timestamp>
This is a response from scdaemon on GETATTR KEY-TIME. A keyref of This is a response from scdaemon on GETATTR KEY-TIME. A keyref N
1 gives the timestamp for the standard OpenPGP signing key, 2 for of 1 gives the timestamp for the standard OpenPGP signing key, 2
the encryption key, and 3 for an authentication key. Note that a for the encryption key, and 3 for an authentication key. Note
KEYPAIRINFO status lines carries the same information and should that a KEYPAIRINFO status lines carries the same information and
be preferred. should be preferred.
*** KEY-LABEL <keyref> <label>
This returns the human readbable label for the keys given by
KEYREF. LABEL won't have any space in it and is percent encoded.
This info shall only be used for dispaly purposes.
* Format of the --attribute-fd output * Format of the --attribute-fd output

42
scd/app-p15.c
View File

@ -3709,6 +3709,8 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
for (; certinfo; certinfo = certinfo->next) for (; certinfo; certinfo = certinfo->next)
{ {
char *buf, *p; char *buf, *p;
const char *label;
char *labelbuf;
buf = xtrymalloc (9 + certinfo->objidlen*2 + 1); buf = xtrymalloc (9 + certinfo->objidlen*2 + 1);
if (!buf) if (!buf)
@ -3723,9 +3725,18 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
p = stpcpy (p, "."); p = stpcpy (p, ".");
bin2hex (certinfo->objid, certinfo->objidlen, p); bin2hex (certinfo->objid, certinfo->objidlen, p);
label = (certinfo->label && *certinfo->label)? certinfo->label : "-";
labelbuf = percent_data_escape (0, NULL, label, strlen (label));
if (!labelbuf)
{
xfree (buf);
return gpg_error_from_syserror ();
}
send_status_info (ctrl, "CERTINFO", send_status_info (ctrl, "CERTINFO",
certtype, strlen (certtype), certtype, strlen (certtype),
buf, strlen (buf), buf, strlen (buf),
labelbuf, strlen (labelbuf),
NULL, (size_t)0); NULL, (size_t)0);
xfree (buf); xfree (buf);
} }
@ -4414,6 +4425,37 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
xfree (p); xfree (p);
return err; return err;
} }
else if (!strcmp (name, "KEY-LABEL"))
{
/* Send KEY-LABEL lines for all private key objects. */
const char *label;
char *idbuf, *labelbuf;
for (prkdf = app->app_local->private_key_info; prkdf;
prkdf = prkdf->next)
{
idbuf = keyref_from_prkdf (app, prkdf);
if (!idbuf)
return gpg_error_from_syserror ();
label = (prkdf->label && *prkdf->label)? prkdf->label : "-";
labelbuf = percent_data_escape (0, NULL, label, strlen (label));
if (!labelbuf)
{
xfree (idbuf);
return gpg_error_from_syserror ();
}
send_status_info (ctrl, name,
idbuf, strlen (idbuf),
labelbuf, strlen(labelbuf),
NULL, 0);
xfree (idbuf);
xfree (labelbuf);
}
return 0;
}
return gpg_error (GPG_ERR_INV_NAME); return gpg_error (GPG_ERR_INV_NAME);
} }

2
scd/command.c
View File

@ -458,7 +458,7 @@ static const char hlp_learn[] =
"to the keypair info, information about all certificates stored on the\n" "to the keypair info, information about all certificates stored on the\n"
"card is also returned:\n" "card is also returned:\n"
"\n" "\n"
" S CERTINFO <certtype> <hexstring_with_id>\n" " S CERTINFO <certtype> <keyref> [<label>]\n"
"\n" "\n"
"Where CERTTYPE is a number indicating the type of certificate:\n" "Where CERTTYPE is a number indicating the type of certificate:\n"
" 0 := Unknown\n" " 0 := Unknown\n"