diff --git a/g10/ChangeLog b/g10/ChangeLog
index a6c640aeb..d709b0e51 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,12 @@
+2005-01-31 David Shaw
+
+ * keygen.c (do_generate_keypair): Write the auth key to the card
+ before the encryption key. This is a partial workaround for a PGP
+ bug (as of this writing, all versions including 8.1), that causes
+ it to try and encrypt to the most recent subkey regardless of
+ whether that subkey is actually an encryption type. In this case,
+ the auth key is an RSA key so it succeeds.
+
 2005-01-27 David Shaw
 
 * keyid.c (keyid_from_sk, keyid_from_pk): Use 0xFFFFFFFFFFFFFFFF
diff --git a/g10/keygen.c b/g10/keygen.c
index 854b7ea21..abef68167 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -2820,6 +2820,24 @@ do_generate_keypair( struct para_data_s *para,
 get_parameter_uint (para, pKEYUSAGE));
 }
 
+ /* Write the auth key to the card before the encryption key. This
+ is a partial workaround for a PGP bug (as of this writing, all
+ versions including 8.1), that causes it to try and encrypt to
+ the most recent subkey regardless of whether that subkey is
+ actually an encryption type. In this case, the auth key is an
+ RSA key so it succeeds. */
+
+ if (!rc && card && get_parameter (para, pAUTHKEYTYPE))
+ {
+ rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root,
+ get_parameter_u32 (para, pKEYEXPIRE), para);
+
+ if (!rc)
+ rc = write_keybinding (pub_root, pub_root, pri_sk, sub_sk, PUBKEY_USAGE_AUTH);
+ if (!rc)
+ rc = write_keybinding (sec_root, pub_root, pri_sk, sub_sk, PUBKEY_USAGE_AUTH);
+ }
+
 if( !rc && get_parameter( para, pSUBKEYTYPE ) )
 {
 if (!card)
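Review bot: The relocated auth-key block in g10/keygen.c still passes `sub_sk` to both `write_keybinding` calls, but it now runs ahead of the `pSUBKEYTYPE` step that follows it in the hunk. If `sub_sk` is only assigned during that later step (not visible here), these calls now receive whatever value it held on entry, so it is worth confirming that `write_keybinding` does not read it for `PUBKEY_USAGE_AUTH`. Because the workaround depends purely on statement order, I would also extend the new comment with a line such as `Keep this block ahead of the subkey block; moving it back re-exposes the PGP bug.` The body of do_generate_keypair starts and ends outside the hunk.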
@@ -2859,17 +2877,6 @@ do_generate_keypair( struct para_data_s *para,
 did_sub = 1;
 }
 
- if (!rc && card && get_parameter (para, pAUTHKEYTYPE))
- {
- rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root,
- get_parameter_u32 (para, pKEYEXPIRE), para);
-
- if (!rc)
- rc = write_keybinding (pub_root, pub_root, pri_sk, sub_sk, PUBKEY_USAGE_AUTH);
- if (!rc)
- rc = write_keybinding (sec_root, pub_root, pri_sk, sub_sk, PUBKEY_USAGE_AUTH);
- }
-
 if( !rc && outctrl->use_files ) { /* direct write to specified files */
 rc = write_keyblock( outctrl->pub.stream, pub_root );
 if( rc )