Allow decryption with card keys > 3072 bits

* scd/command.c (MAXLEN_SETDATA): New. (cmd_setdata): Add option --append. * agent/call-scd.c (agent_card_pkdecrypt): Use new option for long data. * scd/app-openpgp.c (struct app_local_s): Add field manufacturer. (app_select_openpgp): Store manufacturer. (do_decipher): Print a note for broken cards. -- Please note that I was not able to run a full test because I only have broken cards (S/N < 346) available.
2025-07-03 22:56:33 +02:00 · 2012-11-06 12:02:25 +01:00 · 2012-11-06 12:02:25 +01:00 · 905b6a36d3
commit 905b6a36d3
parent 8f8c29d24c
3 changed files with 58 additions and 17 deletions
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -158,6 +158,8 @@ struct app_local_s {

  unsigned char status_indicator; /* The card status indicator.  */

+  unsigned int manufacturer:16;   /* Manufacturer ID from the s/n.  */
+
  /* Keep track of the ISO card capabilities.  */
  struct
  {
@ -3474,6 +3476,12 @@ do_decipher (app_t app, const char *keyidstr,
                             indata, indatalen, le_value, padind,
                             outdata, outdatalen);
      xfree (fixbuf);
+
+      if (gpg_err_code (rc) == GPG_ERR_CARD /* actual SW is 0x640a */
+          && app->app_local->manufacturer == 5
+          && app->card_version == 0x0200)
+        log_info ("NOTE: Cards with manufacturer id 5 and s/n <= 346 (0x15a)"
+                  " do not work with encryption keys > 2048 bits\n");
    }

  return rc;
@ -3761,6 +3769,8 @@ app_select_openpgp (app_t app)
          goto leave;
        }

+      app->app_local->manufacturer = manufacturer;
+
      if (app->card_version >= 0x0200)
        app->app_local->extcap.is_v2 = 1;