security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

gpgsm: Allow CSR generation with an unprotected key.

Browse Source 
* sm/call-agent.c (gpgsm_agent_genkey): Add arg no_protection.
* sm/certreqgen.c (struct reqgen_ctrl_s): Add field no_protection.
(read_parameters): Add keyword "%no-protection".
(proc_parameters): Pass no_protection to gpgsm_agent_genkey.
This commit is contained in:
Werner Koch 2025-01-29 16:32:03 +01:00
parent 2469dc5aae
commit 89055f24f4
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/gpgsm.texi
View File

@ -1179,6 +1179,9 @@ Print @var{text} as diagnostic.
@item %dry-run
Suppress actual key generation (useful for syntax checking).
@item %no-protection
Creates the private key without a passphrase.
@item %commit
Perform the key generation. Note that an implicit commit is done at
the next @asis{Key-Type} parameter.

8
sm/call-agent.c
View File

@ -680,8 +680,8 @@ inq_genkey_parms (void *opaque, const char *line)
/* Call the agent to generate a new key */
int
gpgsm_agent_genkey (ctrl_t ctrl,
gpg_error_t
gpgsm_agent_genkey (ctrl_t ctrl, int no_protection,
ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
{
int rc;
@ -709,7 +709,9 @@ gpgsm_agent_genkey (ctrl_t ctrl,
if (!gk_parm.sexplen)
return gpg_error (GPG_ERR_INV_VALUE);
gnupg_get_isotime (timebuf);
snprintf (line, sizeof line, "GENKEY --timestamp=%s", timebuf);
snprintf (line, sizeof line, "GENKEY%s --timestamp=%s",
no_protection? " --no-protection":"",
timebuf);
rc = assuan_transact (agent_ctx, line,
put_membuf_cb, &data,
inq_genkey_parms, &gk_parm, NULL, NULL);

5
sm/certreqgen.c
View File

@ -111,6 +111,7 @@ struct reqgen_ctrl_s
{
int lnr;
int dryrun;
int no_protection;
};
@ -302,6 +303,8 @@ read_parameters (ctrl_t ctrl, estream_t fp, estream_t out_fp)
log_info ("%s\n", value);
else if (!ascii_strcasecmp (keyword, "%dry-run"))
outctrl.dryrun = 1;
else if (!ascii_strcasecmp (keyword, "%no-protection"))
outctrl.no_protection = 1;
else if (!ascii_strcasecmp( keyword, "%commit"))
{
rc = proc_parameters (ctrl, para, out_fp, &outctrl);
@ -760,7 +763,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER);
}
rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
rc = gpgsm_agent_genkey (ctrl, outctrl->no_protection, keyparms, &public);
if (rc)
{
r = get_parameter (para, pKEYTYPE, 0);

5
sm/gpgsm.h
View File

@ -526,8 +526,9 @@ int gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
ksba_const_sexp_t ciphertext,
char **r_buf, size_t *r_buflen);
int gpgsm_agent_genkey (ctrl_t ctrl,
ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
gpg_error_t gpgsm_agent_genkey (ctrl_t ctrl, int no_protection,
ksba_const_sexp_t keyparms,
ksba_sexp_t *r_pubkey);
int gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
ksba_sexp_t *r_pubkey);
int gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno);