security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

sm: Fix certificate creation with key on card.

Browse Source 
* sm/certreqgen.c (create_request): Fix for certmode.
--

When using an existing key from a card for certificate signing (in
contrast to the default of generating a CSR), the code tried to use
the same key for signing instead of the Signing-Key parameter.  It is
perfectly okay to use the regular signing path via gpg-agent for
certificate creation - only self-signed certificates with a key on the
card require the direct use of the card key (via "SCD PKSIGN").

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2019-02-21 17:32:39 +01:00
parent 7317aeb3f4
commit c1000c6738
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sm/certreqgen.c
View File

@ -1314,7 +1314,7 @@ create_request (ctrl_t ctrl,
log_info ("about to sign the %s for key: &%s\n", log_info ("about to sign the %s for key: &%s\n",
certmode? "certificate":"CSR", hexgrip); certmode? "certificate":"CSR", hexgrip);
if (carddirect) if (carddirect && !certmode)
rc = gpgsm_scd_pksign (ctrl, carddirect, NULL, rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
gcry_md_read (md, mdalgo), gcry_md_read (md, mdalgo),
gcry_md_get_algo_dlen (mdalgo), gcry_md_get_algo_dlen (mdalgo),