mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

scd: Use a scdaemon internal key to protect the PIN cache IPC.

* agent/call-scd.c (handle_pincache_put): Do not decrypt.
(handle_pincache_get): New.
(inq_needpin): Call it.
* scd/command.c (set_key_for_pincache): New.
(pincache_put): Restructure and set key.
(pincache_get): Ditto.
--

This change does away with encrypting and decrypting the cached PIN in
the agent.  There is no need for this; we can simply cache the
cryptogram and let scdaemon decrypt after retrieving it from the
agent.  This way we do not need to share a key between gpg-agent and
scdaemon and further the cached content is invalid after the scdaemon
process has been replaced.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2020-01-09 12:00:50 +01:00
parent 57b8ed61ab
commit ce5a7fb72b
GPG key ID: E3FDFF218E45B72B
4 changed files with 150 additions and 114 deletions


@ -192,7 +192,7 @@ bin2hexcolon (const void *buffer, size_t length, char *stringbuf)
On success the function returns a pointer to the next character
after HEXSTRING (which is either end-of-string or the next white
space). If BUFLEN is not NULL the number of valid vytes in BUFFER
space). If BUFLEN is not NULL the number of valid bytes in BUFFER
is stored there (an extra Nul byte is not counted); this will even
be done if BUFFER has been passed as NULL. */
const char *
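
Review bot: The comment fix in the BUFLEN sentence ("valid vytes" to "valid bytes") is unrelated to the PIN cache IPC change and has no entry in the commit message, which lists only functions in agent/call-scd.c and scd/command.c while the commit touches 4 files. Either add an entry for this file noting the comment typo fix, or move the change into a separate typo commit so the security-relevant change stays easy to audit and backport on its own.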