From d9d2d3da9152ed52abb73bd39311c6b0e01450e3 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 6 Sep 2005 18:42:13 +0000 Subject: [PATCH] The BELPIC card does now work. --- NEWS | 2 + THANKS | 1 + configure.ac | 2 +- doc/ChangeLog | 5 + doc/gnupg.texi | 16 ++- doc/gpg-agent.texi | 6 +- doc/tools.texi | 45 ++++++- po/de.po | 305 +++++++++++++++++++++++---------------------- scd/ChangeLog | 6 + scd/app-p15.c | 158 +++++++++++++++++------ scd/command.c | 2 +- 11 files changed, 352 insertions(+), 196 deletions(-) diff --git a/NEWS b/NEWS index e51cadebf..75410e8d5 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ Noteworthy changes in version 1.9.19 ------------------------------------------------- + * The Belgian eID card is now supported. + Noteworthy changes in version 1.9.18 (2005-08-01) ------------------------------------------------- diff --git a/THANKS b/THANKS index 408497046..0f31642ac 100644 --- a/THANKS +++ b/THANKS @@ -1,6 +1,7 @@ Alexander Belopolsky belopolsky at mac.com Andrew J. Schorr aschorr at telemetry-investments.com +Carl Meijer carlm at prism.co.za Charly Avital shavital at mac.com Kazu Yamamoto kazu at iij.ad.jp Michael Nottebrock michaelnottebrock at gmx.net diff --git a/configure.ac b/configure.ac index 9c63fcbea..030643315 100644 --- a/configure.ac +++ b/configure.ac @@ -24,7 +24,7 @@ min_automake_version="1.9.3" # Version number: Remember to change it immediately *after* a release. # Add a "-cvs" prefix for non-released code. -AC_INIT(gnupg, 1.9.18, gnupg-devel@gnupg.org) +AC_INIT(gnupg, 1.9.19-cvs, gnupg-devel@gnupg.org) # Set development_version to yes if the minor number is odd or you # feel that the default check for a development version is not # sufficient. diff --git a/doc/ChangeLog b/doc/ChangeLog index c4d263513..d93a473a2 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog 
@@ -1,3 +1,8 @@ +2005-08-16 Werner Koch + + * gpg-agent.texi (Agent Options): Note default file name for + --write-env-file. + 2005-06-03 Werner Koch * debugging.texi (Architecture Details): New section, mostly empty. diff --git a/doc/gnupg.texi b/doc/gnupg.texi index d92f01cd9..efa54bd14 100644 --- a/doc/gnupg.texi +++ b/doc/gnupg.texi @@ -3,6 +3,18 @@ @setfilename gnupg.info @include version.texi @settitle Using the GNU Privacy Guard + +@c A couple of macros with no effect on texinfo +@c but used by the yat2m processor. +@macro manpage {a} +@end macro +@macro mansect {a} +@end macro +@macro manpause +@end macro +@macro mancont +@end macro + @c Create a separate index for command line options. @defcodeindex op @c Merge the standard indexes into a single one. @@ -13,8 +25,8 @@ @syncodeindex tp cp @c %**end of header @copying -This is the @cite{The GNU Privacy Guard Manual} -(version @value{VERSION}, @value{UPDATED}). +This is the @cite{The GNU Privacy Guard Manual} (version +@value{VERSION}, @value{UPDATED}). @iftex Published by the Free Software Foundation@* diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 144745b4c..066f8e937 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -253,8 +253,9 @@ Often it is required to connect to the agent from a process not being an inferior of @command{gpg-agent} and thus the environment variable with the socket name is not available. To help setting up those variables in other sessions, this option may be used to write the information into -@var{file}. The format is suitable to be evaluated by a Bourne shell -like in this simple example: +@var{file}. If @var{file} is not specified the default name +@file{$@{HOME@}/.gpg-agent-info} will be used. The format is suitable +to be evaluated by a Bourne shell like in this simple example: @example eval `cat @var{file}` 
@@ -262,6 +263,7 @@ eval `cut -d= -f 1 < @var{file} | xargs echo export` @end example + @item --no-grab @opindex no-grab Tell the pinentryo not to grab the keyboard and mouse. This option diff --git a/doc/tools.texi b/doc/tools.texi index b2463c351..850202bd5 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -20,19 +20,29 @@ GnuPG comes with a couple of smaller tools: @c @c WATCHGNUPG @c +@manpage watchgnupg.1 @node watchgnupg @section Read logs from a socket +@ifset manverb + watchgnupg \- Read and print logs from a socket +@end ifset +@mansect description Most of the main utilities are able to write there log files to a Unix Domain socket if configured that way. @command{watchgnupg} is a simple listener for such a socket. It ameliorates the output with a time stamp and makes sure that long lines are not interspersed with log output from other utilities. +@manpause @noindent @command{watchgnupg} is commonly invoked as -@samp{watchgnupg --force ~/.gnupg/S.log} +@mansect synopsis +@example +watchgnupg --force ~/.gnupg/S.log +@end example +@manpause @noindent This starts it on the current terminal for listening on the socket @@ -42,6 +52,7 @@ This starts it on the current terminal for listening on the socket @command{watchgnupg} understands these options: @table @gnupgtabopt +@mansect options @item --force @opindex force @@ -59,15 +70,21 @@ print version of the program and exit @opindex help Display a brief help page and exit +@manpause @end table @c @c ADDGNUPGHOME @c +@manpage addgnupghome.8 @node addgnupghome @section Create .gnupg home directories. +@ifset manverb + addgnupghome \- Create .gnupg home directories +@end ifset +@mansect description If GnuPG is installed on a system with existing user accounts, it is sometimes required to populate the GnuPG home directory with existing files. Especially a @file{trustlist.txt} and a keybox with some 
@@ -76,18 +93,27 @@ by copying all files from @file{/etc/skel/.gnupg} to the home directories of the accounts given on the command line. It takes care not to overwrite existing GnuPG home directories. +@manpause @noindent @command{addgnupghome} is invoked by root as: -@samp{addgnupghome account1 account2 ... accountn} +@mansect synopsis +@example +addgnupghome account1 account2 ... accountn +@end example @c @c GPGCONF @c +@manpage gpgconf.1 @node gpgconf @section Modify .gnupg home directories. +@ifset manverb + gpgconf \- Modify .gnupg home directories +@end ifset +@mansect description The @command{gpgconf} is a utility to automatically and reasonable safely query and modify configuration files in the @file{.gnupg} home directory. It is designed not to be invoked manually by the user, but @@ -121,6 +147,7 @@ changes can then be made active with @command{gpgconf} again. Such a program that uses @command{gpgconf} in this way will be called GUI throughout this section. +@manpause @menu * Invoking gpgconf:: List of all commands and options. * Format conventions:: Formatting conventions relevant for all commands. @@ -133,9 +160,13 @@ throughout this section. @node Invoking gpgconf @subsection Invoking gpgconf +@mansect commands One of the following commands must be given: +@manpause @table @gnupgtabopt +@mancont + @item --list-components List all components. This is the default command used if none is specified. @@ -145,11 +176,16 @@ List all options of the component @var{component}. @item --change-options @var{component} Change the options of the component @var{component}. +@manpause @end table +@mansect options + The following options may be used: +@manpause @table @gnupgtabopt +@mancont @c FIXME: Not yet supported. @c @item -o @var{file} @c @itemx --output @var{file} 
@@ -176,6 +212,7 @@ changing. This means that the changes will take effect at run-time, as far as this is possible. Otherwise, they will take effect at the next start of the respective backend programs. +@manpause @end table @@ -295,6 +332,7 @@ the locale environment of the @command{gpgconf} program. @c to change it via the command line? +@mansect usage @node Listing components @subsection Listing components @@ -580,6 +618,7 @@ $ echo 'force:16:' | gpgconf --change-options dirmngr The @code{--runtime} option can influence when the changes take effect. +@manpause @c @c GPGSM-GENCERT.SH @c @@ -587,7 +626,7 @@ effect. @section Generate an X.509 certificate request This is a simple tool to interactivly generate a certificate request -whicl will be printed to stdout. +which will be printed to stdout. @noindent @command{gpgsm-gencert.sh} is invoked as: diff --git a/po/de.po b/po/de.po index 04111ca63..69606fa8b 100644 --- a/po/de.po +++ b/po/de.po @@ -10,8 +10,8 @@ msgid "" msgstr "" "Project-Id-Version: gnupg2 1.9.18\n" "Report-Msgid-Bugs-To: translations@gnupg.org\n" -"POT-Creation-Date: 2005-06-16 09:12+0200\n" -"PO-Revision-Date: 2005-08-01 15:09+0200\n" +"POT-Creation-Date: 2005-09-06 20:01+0200\n" +"PO-Revision-Date: 2005-08-02 17:02+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: de\n" "MIME-Version: 1.0\n" @@ -34,12 +34,12 @@ msgstr "Im Server Modus ausführen" msgid "run in daemon mode (background)" msgstr "Im Daemon Modus ausführen" -#: agent/gpg-agent.c:112 kbx/kbxutil.c:81 scd/scdaemon.c:105 sm/gpgsm.c:329 +#: agent/gpg-agent.c:112 kbx/kbxutil.c:81 scd/scdaemon.c:105 sm/gpgsm.c:331 #: tools/gpgconf.c:62 msgid "verbose" msgstr "ausführlich" -#: agent/gpg-agent.c:113 kbx/kbxutil.c:82 scd/scdaemon.c:106 sm/gpgsm.c:330 +#: agent/gpg-agent.c:113 kbx/kbxutil.c:82 scd/scdaemon.c:106 sm/gpgsm.c:332 msgid "be somewhat more quiet" msgstr "Etwas weniger Ausgaben erzeugen" 
@@ -63,7 +63,7 @@ msgstr "Im Vordergrund laufen lassen" msgid "do not grab keyboard and mouse" msgstr "Tastatur und Maus nicht \"grabben\"" -#: agent/gpg-agent.c:123 scd/scdaemon.c:118 sm/gpgsm.c:332 +#: agent/gpg-agent.c:123 scd/scdaemon.c:118 sm/gpgsm.c:334 msgid "use a log file for the server" msgstr "Logausgaben in eine Datei umlenken" @@ -116,12 +116,12 @@ msgid "|FILE|write environment settings also to FILE" msgstr "|DATEI|Schreibe die Umgebungsvariabeln auf DATEI" #: agent/gpg-agent.c:235 agent/protect-tool.c:142 scd/scdaemon.c:183 -#: sm/gpgsm.c:503 tools/gpgconf.c:85 +#: sm/gpgsm.c:507 tools/gpgconf.c:85 msgid "Please report bugs to <" msgstr "Fehlerberichte bitte an <" #: agent/gpg-agent.c:235 agent/protect-tool.c:142 scd/scdaemon.c:183 -#: sm/gpgsm.c:503 tools/gpgconf.c:85 +#: sm/gpgsm.c:507 tools/gpgconf.c:85 msgid ">.\n" msgstr ">.\n" 
@@ -137,123 +137,123 @@ msgstr "" "Syntax: gpg-agent [Optionen] [Kommando [Argumente]]\n" "Verwaltung von geheimen Schlüssel für GnuPG\n" -#: agent/gpg-agent.c:311 scd/scdaemon.c:257 sm/gpgsm.c:632 +#: agent/gpg-agent.c:311 scd/scdaemon.c:257 sm/gpgsm.c:636 #, c-format msgid "invalid debug-level `%s' given\n" msgstr "ungültige Debugebene `%s' angegeben\n" #: agent/gpg-agent.c:482 agent/protect-tool.c:1072 kbx/kbxutil.c:431 -#: scd/scdaemon.c:349 sm/gpgsm.c:753 +#: scd/scdaemon.c:349 sm/gpgsm.c:757 #, c-format msgid "libgcrypt is too old (need %s, have %s)\n" msgstr "" "Die Bibliothek \"libgcrypt\" is zu alt (benötigt wird %s, vorhanden ist %s)\n" -#: agent/gpg-agent.c:574 scd/scdaemon.c:424 sm/gpgsm.c:854 +#: agent/gpg-agent.c:574 scd/scdaemon.c:424 sm/gpgsm.c:858 #, c-format msgid "NOTE: no default option file `%s'\n" msgstr "Notiz: Voreingestellte Konfigurationsdatei `%s' fehlt\n" -#: agent/gpg-agent.c:579 agent/gpg-agent.c:1085 scd/scdaemon.c:429 -#: sm/gpgsm.c:858 +#: agent/gpg-agent.c:579 agent/gpg-agent.c:1090 scd/scdaemon.c:429 +#: sm/gpgsm.c:862 #, c-format msgid "option file `%s': %s\n" msgstr "Konfigurationsdatei `%s': %s\n" -#: agent/gpg-agent.c:587 scd/scdaemon.c:437 sm/gpgsm.c:865 +#: agent/gpg-agent.c:587 scd/scdaemon.c:437 sm/gpgsm.c:869 #, c-format msgid "reading options from `%s'\n" msgstr "Optionen werden aus `%s' gelesen\n" -#: agent/gpg-agent.c:879 +#: agent/gpg-agent.c:884 #, c-format msgid "error creating `%s': %s\n" msgstr "Fehler beim Erstellen von `%s': %s\n" -#: agent/gpg-agent.c:1135 agent/gpg-agent.c:1238 agent/gpg-agent.c:1242 -#: agent/gpg-agent.c:1278 agent/gpg-agent.c:1282 scd/scdaemon.c:900 +#: agent/gpg-agent.c:1140 agent/gpg-agent.c:1243 agent/gpg-agent.c:1247 +#: agent/gpg-agent.c:1283 agent/gpg-agent.c:1287 scd/scdaemon.c:902 #, c-format msgid "can't create directory `%s': %s\n" msgstr "Das Verzeichniss `%s' kann nicht erstellt werden: %s\n" -#: agent/gpg-agent.c:1149 scd/scdaemon.c:914 +#: agent/gpg-agent.c:1154 
scd/scdaemon.c:916 msgid "name of socket too long\n" msgstr "Der Name des Sockets ist zu lang\n" -#: agent/gpg-agent.c:1175 scd/scdaemon.c:940 +#: agent/gpg-agent.c:1180 scd/scdaemon.c:942 #, c-format msgid "can't create socket: %s\n" msgstr "Socket kann nicht erzeugt werden: %s\n" -#: agent/gpg-agent.c:1204 scd/scdaemon.c:969 +#: agent/gpg-agent.c:1209 scd/scdaemon.c:971 #, c-format msgid "error binding socket to `%s': %s\n" msgstr "Der Socket kann nicht an `%s' gebunden werden: %s\n" -#: agent/gpg-agent.c:1212 scd/scdaemon.c:977 +#: agent/gpg-agent.c:1217 scd/scdaemon.c:979 #, c-format msgid "listen() failed: %s\n" msgstr "Der listen() Aufruf ist fehlgeschlagen: %s\n" -#: agent/gpg-agent.c:1218 scd/scdaemon.c:983 +#: agent/gpg-agent.c:1223 scd/scdaemon.c:985 #, c-format msgid "listening on socket `%s'\n" msgstr "Es wird auf Socket `%s' gehört\n" -#: agent/gpg-agent.c:1246 agent/gpg-agent.c:1288 +#: agent/gpg-agent.c:1251 agent/gpg-agent.c:1293 #, c-format msgid "directory `%s' created\n" msgstr "Verzeichniss `%s' wurde erstellt\n" -#: agent/gpg-agent.c:1294 +#: agent/gpg-agent.c:1299 #, c-format msgid "stat() failed for `%s': %s\n" msgstr "stat() Aufruf für `%s' fehlgeschlagen: %s\n" -#: agent/gpg-agent.c:1298 +#: agent/gpg-agent.c:1303 #, c-format msgid "can't use `%s' as home directory\n" msgstr "Die Datei `%s' kann nicht als Home-Verzeichniss benutzt werden\n" -#: agent/gpg-agent.c:1396 +#: agent/gpg-agent.c:1401 #, c-format msgid "handler 0x%lx for fd %d started\n" msgstr "Handhabungsroutine 0x%lx für fd %d gestartet\n" -#: agent/gpg-agent.c:1406 +#: agent/gpg-agent.c:1411 #, c-format msgid "handler 0x%lx for fd %d terminated\n" msgstr "Handhabungsroutine 0x%lx für den fd %d beendet\n" -#: agent/gpg-agent.c:1420 +#: agent/gpg-agent.c:1425 #, c-format msgid "ssh handler 0x%lx for fd %d started\n" msgstr "SSH Handhabungsroutine 0x%lx für fd %d gestartet\n" -#: agent/gpg-agent.c:1427 +#: agent/gpg-agent.c:1432 #, c-format msgid "ssh handler 0x%lx for fd %d 
terminated\n" msgstr "SSH Handhabungsroutine 0x%lx für fd %d beendet\n" -#: agent/gpg-agent.c:1521 scd/scdaemon.c:1099 +#: agent/gpg-agent.c:1526 scd/scdaemon.c:1101 #, c-format msgid "pth_select failed: %s - waiting 1s\n" msgstr "pth_select() Aufruf fehlgeschlagen: %s - warte 1s\n" -#: agent/gpg-agent.c:1605 scd/scdaemon.c:1156 +#: agent/gpg-agent.c:1610 scd/scdaemon.c:1158 #, c-format msgid "%s %s stopped\n" msgstr "%s %s angehalten\n" -#: agent/gpg-agent.c:1626 +#: agent/gpg-agent.c:1631 msgid "no gpg-agent running in this session\n" msgstr "Der gpg-agent läuft nicht für diese Session\n" -#: agent/gpg-agent.c:1636 common/simple-pwquery.c:323 sm/call-agent.c:143 +#: agent/gpg-agent.c:1641 common/simple-pwquery.c:323 sm/call-agent.c:143 msgid "malformed GPG_AGENT_INFO environment variable\n" msgstr "Die Variable GPG_AGENT_INFO ist fehlerhaft\n" -#: agent/gpg-agent.c:1648 common/simple-pwquery.c:335 sm/call-agent.c:155 +#: agent/gpg-agent.c:1653 common/simple-pwquery.c:335 sm/call-agent.c:155 #, c-format msgid "gpg-agent protocol version %d is not supported\n" msgstr "Das gpg-agent Protocol %d wird nicht unterstützt\n" @@ -284,7 +284,7 @@ msgid "" "Please enter the passphrase to protect the imported object within the GnuPG " "system." msgstr "" -"Bitte geben Sie die Passphrase ein, um das importierte Objket im GnuPG " +"Bitte geben Sie die Passphrase ein, um das importierte Objekt im GnuPG " "System zu schützen." #: agent/protect-tool.c:1214 agent/genkey.c:110 agent/genkey.c:218 
@@ -476,11 +476,11 @@ msgstr "Kommunikationsproblem mit gpg-agent\n" msgid "problem setting the gpg-agent options\n" msgstr "Beim setzen der gpg-agent Optionen ist ein problem aufgetreten\n" -#: common/simple-pwquery.c:526 common/simple-pwquery.c:592 +#: common/simple-pwquery.c:526 common/simple-pwquery.c:614 msgid "canceled by user\n" msgstr "Vom Benutzer abgebrochen\n" -#: common/simple-pwquery.c:533 common/simple-pwquery.c:598 +#: common/simple-pwquery.c:533 common/simple-pwquery.c:620 msgid "problem with the agent\n" msgstr "Problem mit dem Agenten\n" @@ -489,7 +489,7 @@ msgstr "Problem mit dem Agenten\n" msgid "you found a bug ... (%s:%d)\n" msgstr "Sie haben einen Bug (Softwarefehler) gefunden ... (%s:%d)\n" -#: kbx/kbxutil.c:68 sm/gpgsm.c:237 tools/gpgconf.c:53 +#: kbx/kbxutil.c:68 sm/gpgsm.c:239 tools/gpgconf.c:53 msgid "" "@Commands:\n" " " @@ -497,7 +497,7 @@ msgstr "" "@Kommandos:\n" " " -#: kbx/kbxutil.c:76 sm/gpgsm.c:272 tools/gpgconf.c:59 +#: kbx/kbxutil.c:76 sm/gpgsm.c:274 tools/gpgconf.c:59 msgid "" "@\n" "Options:\n" @@ -507,7 +507,7 @@ msgstr "" "Optionen:\n" " " -#: kbx/kbxutil.c:83 sm/gpgsm.c:337 tools/gpgconf.c:64 +#: kbx/kbxutil.c:83 sm/gpgsm.c:340 tools/gpgconf.c:64 msgid "do not make any changes" msgstr "Keine Änderungen durchführen" @@ -543,7 +543,7 @@ msgstr "" msgid "run in multi server mode (foreground)" msgstr "Im Multiserver Modus ausführen" -#: scd/scdaemon.c:109 sm/gpgsm.c:349 +#: scd/scdaemon.c:109 sm/gpgsm.c:352 msgid "read options from file" msgstr "Konfigurationsoptionen aus Datei lesen" 
@@ -579,18 +579,18 @@ msgstr "" "Synatx: scdaemon [Optionen] [Kommando [Argumente]]\n" "Smartcard Daemon für GnuPG\n" -#: scd/scdaemon.c:656 +#: scd/scdaemon.c:658 msgid "please use the option `--daemon' to run the program in the background\n" msgstr "" "Bitte die Option `--daemon' nutzen um das Programm im Hintergund " "auszuführen\n" -#: scd/scdaemon.c:997 +#: scd/scdaemon.c:999 #, c-format msgid "handler for fd %d started\n" msgstr "Handhabungsroutine für fd %d gestartet\n" -#: scd/scdaemon.c:1002 +#: scd/scdaemon.c:1004 #, c-format msgid "handler for fd %d terminated\n" msgstr "Handhabungsroutine für den fd %d beendet\n" 
@@ -610,47 +610,47 @@ msgstr "Das Erzeugungsdatum kann nicht gespeichert werden: %s\n" msgid "reading public key failed: %s\n" msgstr "Fehler beim Lesen des öffentlichen Schlüssels: %s\n" -#: scd/app-openpgp.c:986 scd/app-openpgp.c:1910 +#: scd/app-openpgp.c:986 scd/app-openpgp.c:1917 msgid "response does not contain the public key data\n" msgstr "Die Antwort enthält keine Public Key Daten\n" -#: scd/app-openpgp.c:994 scd/app-openpgp.c:1918 +#: scd/app-openpgp.c:994 scd/app-openpgp.c:1925 msgid "response does not contain the RSA modulus\n" msgstr "Die Antwort enthält keinen RSA Modulus\n" -#: scd/app-openpgp.c:1003 scd/app-openpgp.c:1928 +#: scd/app-openpgp.c:1003 scd/app-openpgp.c:1935 msgid "response does not contain the RSA public exponent\n" msgstr "Die Antwort enthält keinen öffenlichen RSA Exponent\n" -#: scd/app-openpgp.c:1259 scd/app-openpgp.c:1347 scd/app-openpgp.c:2150 +#: scd/app-openpgp.c:1266 scd/app-openpgp.c:1354 scd/app-openpgp.c:2157 #, c-format msgid "PIN callback returned error: %s\n" msgstr "Fehler vom PIN \"callback\": %s\n" -#: scd/app-openpgp.c:1265 scd/app-openpgp.c:1353 scd/app-openpgp.c:2156 +#: scd/app-openpgp.c:1272 scd/app-openpgp.c:1360 scd/app-openpgp.c:2163 #, c-format msgid "PIN for CHV%d is too short; minimum length is %d\n" msgstr "Die PIN für den CHV%d ist zu kurz; Mindestlänge ist %d\n" -#: scd/app-openpgp.c:1274 scd/app-openpgp.c:1288 scd/app-openpgp.c:1363 -#: scd/app-openpgp.c:2165 scd/app-openpgp.c:2179 +#: scd/app-openpgp.c:1281 scd/app-openpgp.c:1295 scd/app-openpgp.c:1370 +#: scd/app-openpgp.c:2172 scd/app-openpgp.c:2186 #, c-format msgid "verify CHV%d failed: %s\n" msgstr "Prüfen von CHV%d fehlgeschlagen: %s\n" -#: scd/app-openpgp.c:1311 +#: scd/app-openpgp.c:1318 msgid "access to admin commands is not configured\n" msgstr "Zugriff auf Admin Kommandos ist nicht konfiguriert\n" -#: scd/app-openpgp.c:1326 scd/app-openpgp.c:2385 +#: scd/app-openpgp.c:1333 scd/app-openpgp.c:2392 msgid "error retrieving CHV status from 
card\n" msgstr "Fehler beim Holen des CHV Status von der Karte\n" -#: scd/app-openpgp.c:1332 scd/app-openpgp.c:2394 +#: scd/app-openpgp.c:1339 scd/app-openpgp.c:2401 msgid "card is permanently locked!\n" msgstr "Die Karte ist dauerhaft gesperrt!\n" -#: scd/app-openpgp.c:1337 +#: scd/app-openpgp.c:1344 #, c-format msgid "%d Admin PIN attempts remaining before card is permanently locked\n" msgstr "" 
@@ -659,105 +659,105 @@ msgstr "" #. TRANSLATORS: Do not translate the "|A|" prefix but #. keep it at the start of the string. We need this elsewhere #. to get some infos on the string. -#: scd/app-openpgp.c:1344 +#: scd/app-openpgp.c:1351 msgid "|A|Admin PIN" msgstr "|A|Admin PIN" #. TRANSLATORS: Do not translate the "|*|" prefixes but #. keep it at the start of the string. We need this elsewhere #. to get some infos on the string. -#: scd/app-openpgp.c:1493 +#: scd/app-openpgp.c:1500 msgid "|AN|New Admin PIN" msgstr "|AN|Neue Admin PIN" -#: scd/app-openpgp.c:1493 +#: scd/app-openpgp.c:1500 msgid "|N|New PIN" msgstr "|N|Neue PIN" -#: scd/app-openpgp.c:1497 +#: scd/app-openpgp.c:1504 #, c-format msgid "error getting new PIN: %s\n" msgstr "Fehler beim Holen der neuen PIN: %s\n" -#: scd/app-openpgp.c:1547 scd/app-openpgp.c:1996 +#: scd/app-openpgp.c:1554 scd/app-openpgp.c:2003 msgid "error reading application data\n" msgstr "Fehler beim Lesen der Anwendungsdaten\n" -#: scd/app-openpgp.c:1553 scd/app-openpgp.c:2003 +#: scd/app-openpgp.c:1560 scd/app-openpgp.c:2010 msgid "error reading fingerprint DO\n" msgstr "Fehler beim Lesen des Fingerabdruck Datenobjekts\n" -#: scd/app-openpgp.c:1563 +#: scd/app-openpgp.c:1570 msgid "key already exists\n" msgstr "Schlüssel existiert bereits\n" -#: scd/app-openpgp.c:1567 +#: scd/app-openpgp.c:1574 msgid "existing key will be replaced\n" msgstr "Existierender Schlüssel wird ersetzt\n" -#: scd/app-openpgp.c:1569 +#: scd/app-openpgp.c:1576 msgid "generating new key\n" msgstr "Neuer Schlüssel wird erzeugt\n" -#: scd/app-openpgp.c:1736 +#: scd/app-openpgp.c:1743 msgid "creation timestamp missing\n" msgstr "Erzeugungsdatum fehlt\n" -#: scd/app-openpgp.c:1743 +#: scd/app-openpgp.c:1750 #, c-format msgid "RSA modulus missing or not of size %d bits\n" msgstr "Der RSA Modulus fehlt oder ist nicht %d Bits lang\n" -#: scd/app-openpgp.c:1750 +#: scd/app-openpgp.c:1757 #, c-format msgid "RSA public exponent missing or larger than %d bits\n" 
msgstr "Der öffentliche RSA Exponent fehlt oder ist länger als %d Bits\n" -#: scd/app-openpgp.c:1758 scd/app-openpgp.c:1765 +#: scd/app-openpgp.c:1765 scd/app-openpgp.c:1772 #, c-format msgid "RSA prime %s missing or not of size %d bits\n" msgstr "Die RSA Primzahl %s fehlt oder ist nicht %d Bits lang\n" -#: scd/app-openpgp.c:1828 +#: scd/app-openpgp.c:1835 #, c-format msgid "failed to store the key: %s\n" msgstr "Fehler beim Speichern des Schlüssels: %s\n" -#: scd/app-openpgp.c:1887 +#: scd/app-openpgp.c:1894 msgid "please wait while key is being generated ...\n" msgstr "Bitte warten bis der Schlüssel erzeugt wurde ...\n" -#: scd/app-openpgp.c:1901 +#: scd/app-openpgp.c:1908 msgid "generating key failed\n" msgstr "Fehler beim Erzeugen des Schlüssels\n" -#: scd/app-openpgp.c:1904 +#: scd/app-openpgp.c:1911 #, c-format msgid "key generation completed (%d seconds)\n" msgstr "Schlüsselerzeugung vollendet (%d Sekunden)\n" -#: scd/app-openpgp.c:1961 +#: scd/app-openpgp.c:1968 msgid "invalid structure of OpenPGP card (DO 0x93)\n" msgstr "Ungültige Struktur der OpenPGP Karte (DO 0x93)\n" -#: scd/app-openpgp.c:2130 +#: scd/app-openpgp.c:2137 #, c-format msgid "signatures created so far: %lu\n" msgstr "Anzahl bereits erzeugter Signaturen: %lu\n" -#: scd/app-openpgp.c:2138 +#: scd/app-openpgp.c:2145 #, c-format msgid "||Please enter the PIN%%0A[sigs done: %lu]" msgstr "||Bitte geben Sie die PIN ein%%0A[Sigs bisher: %lu]" -#: scd/app-openpgp.c:2399 +#: scd/app-openpgp.c:2406 msgid "" "verification of Admin PIN is currently prohibited through this command\n" msgstr "" "Die Überprüfung der Admin PIN is momentan durch ein Kommando verboten " "worden\n" -#: scd/app-openpgp.c:2470 scd/app-openpgp.c:2480 +#: scd/app-openpgp.c:2477 scd/app-openpgp.c:2487 #, c-format msgid "can't access %s - invalid OpenPGP card?\n" msgstr "Zugriff auf %s nicht möglich - ungültige OpenPGP Karte?\n" 
@@ -921,7 +921,8 @@ msgstr "Die vorhandene CRL ist zu alt" #: sm/certchain.c:607 msgid "please make sure that the \"dirmngr\" is properly installed\n" -msgstr "Bitte vergewissern Sie sich das der \"dirmngr\" richtig installierrt ist\n" +msgstr "" +"Bitte vergewissern Sie sich das der \"dirmngr\" richtig installierrt ist\n" #: sm/certchain.c:612 #, c-format 
@@ -1038,243 +1039,243 @@ msgstr "Schwacher Schlüssel - es wird erneut versucht\n" msgid "no valid recipients given\n" msgstr "Keine gültigen Empfänger angegeben\n" -#: sm/gpgsm.c:239 +#: sm/gpgsm.c:241 msgid "|[FILE]|make a signature" msgstr "|[DATEI]|Erzeuge eine Signatur" -#: sm/gpgsm.c:240 +#: sm/gpgsm.c:242 msgid "|[FILE]|make a clear text signature" msgstr "|[DATEI]|Erzeuge eine Klartextsignatur" -#: sm/gpgsm.c:241 +#: sm/gpgsm.c:243 msgid "make a detached signature" msgstr "Erzeuge eine abgetrennte Signatur" -#: sm/gpgsm.c:242 +#: sm/gpgsm.c:244 msgid "encrypt data" msgstr "Verschlüssele die Daten" -#: sm/gpgsm.c:243 +#: sm/gpgsm.c:245 msgid "encryption only with symmetric cipher" msgstr "Verschlüsselung nur mit symmetrischem Algrithmus" -#: sm/gpgsm.c:244 +#: sm/gpgsm.c:246 msgid "decrypt data (default)" msgstr "Enschlüssele die Daten" -#: sm/gpgsm.c:245 +#: sm/gpgsm.c:247 msgid "verify a signature" msgstr "Überprüfen einer Signatur" -#: sm/gpgsm.c:247 +#: sm/gpgsm.c:249 msgid "list keys" msgstr "Schlüssel anzeigen" -#: sm/gpgsm.c:248 +#: sm/gpgsm.c:250 msgid "list external keys" msgstr "Externe Schlüssel anzeigen" -#: sm/gpgsm.c:249 +#: sm/gpgsm.c:251 msgid "list secret keys" msgstr "Geheime Schlüssel anzeigen" -#: sm/gpgsm.c:250 +#: sm/gpgsm.c:252 msgid "list certificate chain" msgstr "Schlüssel mit Zertifikatekette anzeigen" -#: sm/gpgsm.c:252 +#: sm/gpgsm.c:254 msgid "list keys and fingerprints" msgstr "Schlüssel und Fingerprint anzeigen" -#: sm/gpgsm.c:253 +#: sm/gpgsm.c:255 msgid "generate a new key pair" msgstr "Neues Schlüsselpaar erzeugen" -#: sm/gpgsm.c:254 +#: sm/gpgsm.c:256 msgid "remove key from the public keyring" msgstr "Schlüssel aus dem öffentlichen Schlüsselbund löschen" -#: sm/gpgsm.c:255 +#: sm/gpgsm.c:257 msgid "export keys to a key server" msgstr "Schlüssen an eine Schlüsselserver exportieren" -#: sm/gpgsm.c:256 +#: sm/gpgsm.c:258 msgid "import keys from a key server" msgstr "Schlüssel von einem Schlüsselserver importieren" -#: 
sm/gpgsm.c:257 +#: sm/gpgsm.c:259 msgid "import certificates" msgstr "Zertifikate importieren" -#: sm/gpgsm.c:258 +#: sm/gpgsm.c:260 msgid "export certificates" msgstr "Zertifikate exportieren" -#: sm/gpgsm.c:259 +#: sm/gpgsm.c:261 msgid "register a smartcard" msgstr "Smartcard registrieren" -#: sm/gpgsm.c:260 +#: sm/gpgsm.c:262 msgid "run in server mode" msgstr "Im Server Modus ausführen" -#: sm/gpgsm.c:261 +#: sm/gpgsm.c:263 msgid "pass a command to the dirmngr" msgstr "Das Kommand an den Dirmngr durchreichen" -#: sm/gpgsm.c:263 +#: sm/gpgsm.c:265 msgid "invoke gpg-protect-tool" msgstr "Rufe das gpg-protect-tool auf" -#: sm/gpgsm.c:264 +#: sm/gpgsm.c:266 msgid "change a passphrase" msgstr "Das Mantra (Passphrase) ändern" -#: sm/gpgsm.c:274 +#: sm/gpgsm.c:276 msgid "create ascii armored output" msgstr "Ausgabe mit ASCII Hülle wird erzeugt" -#: sm/gpgsm.c:276 +#: sm/gpgsm.c:278 msgid "create base-64 encoded output" msgstr "Ausgabe im Basis-64 format erzeugen" -#: sm/gpgsm.c:278 +#: sm/gpgsm.c:280 msgid "assume input is in PEM format" msgstr "Eingabedaten sind im PEM Format" -#: sm/gpgsm.c:280 +#: sm/gpgsm.c:282 msgid "assume input is in base-64 format" msgstr "Eingabedaten sind im Basis-64 Format" -#: sm/gpgsm.c:282 +#: sm/gpgsm.c:284 msgid "assume input is in binary format" msgstr "Eingabedaten sind im Binärformat" -#: sm/gpgsm.c:284 +#: sm/gpgsm.c:286 msgid "|NAME|encrypt for NAME" msgstr "|NAME|Verschlüsseln für NAME" -#: sm/gpgsm.c:287 +#: sm/gpgsm.c:289 msgid "use system's dirmngr if available" msgstr "Benutze den System Dirmngr when verfügbar" -#: sm/gpgsm.c:288 +#: sm/gpgsm.c:290 msgid "never consult a CRL" msgstr "Niemals eine CRL konsultieren" -#: sm/gpgsm.c:295 +#: sm/gpgsm.c:297 msgid "check validity using OCSP" msgstr "Die Gültigkeit mittels OCSP prüfen" -#: sm/gpgsm.c:298 +#: sm/gpgsm.c:300 msgid "|N|number of certificates to include" msgstr "|N|Sende N Zertifikate mit" -#: sm/gpgsm.c:301 +#: sm/gpgsm.c:303 msgid "|FILE|take policy information from 
FILE" msgstr "|DATEI|Richtlinieninformationen DATEI entnehmen" -#: sm/gpgsm.c:304 +#: sm/gpgsm.c:306 msgid "do not check certificate policies" msgstr "Zertikikatrichtlinien nicht überprüfen" -#: sm/gpgsm.c:308 +#: sm/gpgsm.c:310 msgid "fetch missing issuer certificates" msgstr "Fehlende Zertifikate automatisch holen" -#: sm/gpgsm.c:312 +#: sm/gpgsm.c:314 msgid "|NAME|use NAME as default recipient" msgstr "|NAME|Benutze NAME als voreingestellten Empfänger" -#: sm/gpgsm.c:314 +#: sm/gpgsm.c:316 msgid "use the default key as default recipient" msgstr "Benuzte voreingestellten Schlüssel als Standardempfänger" -#: sm/gpgsm.c:320 +#: sm/gpgsm.c:322 msgid "use this user-id to sign or decrypt" msgstr "Benuzte diese Benutzer ID zum Signieren oder Entschlüsseln" -#: sm/gpgsm.c:323 +#: sm/gpgsm.c:325 msgid "|N|set compress level N (0 disables)" msgstr "|N|Benutze Komprimierungsstufe N" -#: sm/gpgsm.c:325 +#: sm/gpgsm.c:327 msgid "use canonical text mode" msgstr "Kanonischen Textmodus benutzen" -#: sm/gpgsm.c:328 tools/gpgconf.c:61 +#: sm/gpgsm.c:330 tools/gpgconf.c:61 msgid "use as output file" msgstr "als Ausgabedatei benutzen" -#: sm/gpgsm.c:331 +#: sm/gpgsm.c:333 msgid "don't use the terminal at all" msgstr "Das Terminal überhaupt nicht benutzen" -#: sm/gpgsm.c:334 +#: sm/gpgsm.c:337 msgid "force v3 signatures" msgstr "Version 3 Signaturen erzwingen" -#: sm/gpgsm.c:335 +#: sm/gpgsm.c:338 msgid "always use a MDC for encryption" msgstr "Immer das MDC Verfahren zum verschlüsseln mitbenutzen" -#: sm/gpgsm.c:340 +#: sm/gpgsm.c:343 msgid "batch mode: never ask" msgstr "Stapelverarbeitungs Modus: Nie nachfragen" -#: sm/gpgsm.c:341 +#: sm/gpgsm.c:344 msgid "assume yes on most questions" msgstr "\"Ja\" auf die meisten Anfragen annehmen" -#: sm/gpgsm.c:342 +#: sm/gpgsm.c:345 msgid "assume no on most questions" msgstr "\"Nein\" auf die meisten Anfragen annehmen" -#: sm/gpgsm.c:344 +#: sm/gpgsm.c:347 msgid "add this keyring to the list of keyrings" msgstr "Diesen Keyring in die Liste 
der Keyrings aufnehmen" -#: sm/gpgsm.c:345 +#: sm/gpgsm.c:348 msgid "add this secret keyring to the list" msgstr "Diese geheimen Keyring in die Liste aufnehmen" -#: sm/gpgsm.c:346 +#: sm/gpgsm.c:349 msgid "|NAME|use NAME as default secret key" msgstr "|NAME|Benutze NAME als voreingestellten Schlüssel" -#: sm/gpgsm.c:347 +#: sm/gpgsm.c:350 msgid "|HOST|use this keyserver to lookup keys" msgstr "|HOST|Benutze HOST als Schlüsselserver" -#: sm/gpgsm.c:348 +#: sm/gpgsm.c:351 msgid "|NAME|set terminal charset to NAME" msgstr "|NAME|Den Zeichensatz für das Terminal auf NAME setzen" -#: sm/gpgsm.c:352 +#: sm/gpgsm.c:355 msgid "|LEVEL|set the debugging level to LEVEL" msgstr "|NAME|Die Debugstufe auf NAME setzen" -#: sm/gpgsm.c:359 +#: sm/gpgsm.c:363 msgid "|FD|write status info to this FD" msgstr "|FD|Statusinformationen auf Dateidescriptor FD schreiben" -#: sm/gpgsm.c:366 +#: sm/gpgsm.c:370 msgid "|FILE|load extension module FILE" msgstr "|DATEI|Das Erweiterungsmodul DATEI laden" -#: sm/gpgsm.c:372 +#: sm/gpgsm.c:376 msgid "|NAME|use cipher algorithm NAME" msgstr "|NAME|Den Verschlüsselungsalgrithmus NAME benutzen" -#: sm/gpgsm.c:374 +#: sm/gpgsm.c:378 msgid "|NAME|use message digest algorithm NAME" msgstr "|NAME|Den Hashalgorithmus NAME benutzen" -#: sm/gpgsm.c:376 +#: sm/gpgsm.c:380 msgid "|N|use compress algorithm N" msgstr "|N|Den Kompressionsalgorithmus Nummer N benutzen" -#: sm/gpgsm.c:384 +#: sm/gpgsm.c:388 msgid "" "@\n" "(See the man page for a complete listing of all commands and options)\n" @@ -1282,7 +1283,7 @@ msgstr "" "@\n" "(Die \"man\" Seite beschreibt alle Kommands und Optionen)\n" -#: sm/gpgsm.c:387 +#: sm/gpgsm.c:391 msgid "" "@\n" "Examples:\n" 
@@ -1302,11 +1303,11 @@ msgstr "" " --list-keys [Namen] Schlüssel anzeigenn\n" " --fingerprint [Namen] \"Fingerabdrücke\" anzeigen\\n\n" -#: sm/gpgsm.c:506 +#: sm/gpgsm.c:510 msgid "Usage: gpgsm [options] [files] (-h for help)" msgstr "Gebrauch: gpgsm [Optionen] [Dateien] (-h für Hilfe)" -#: sm/gpgsm.c:509 +#: sm/gpgsm.c:513 msgid "" "Syntax: gpgsm [options] [files]\n" "sign, check, encrypt or decrypt using the S/MIME protocol\n" @@ -1315,7 +1316,7 @@ msgstr "" "Gebrauch: gpgsm [Optionen] [Dateien]\n" "Signieren, prüfen, ver- und entschlüsseln mittels S/MIME protocol\n" -#: sm/gpgsm.c:516 +#: sm/gpgsm.c:520 msgid "" "\n" "Supported algorithms:\n" 
@@ -1323,50 +1324,50 @@ msgstr "" "\n" "Unterstützte Algorithmen:\n" -#: sm/gpgsm.c:603 +#: sm/gpgsm.c:607 msgid "usage: gpgsm [options] " msgstr "Gebrauch: gpgsm [Optionen] " -#: sm/gpgsm.c:668 +#: sm/gpgsm.c:672 msgid "conflicting commands\n" msgstr "Widersprechende Kommandos\n" -#: sm/gpgsm.c:684 +#: sm/gpgsm.c:688 #, c-format msgid "can't encrypt to `%s': %s\n" msgstr "Verschlüsseln für `%s' nicht möglich: %s\n" -#: sm/gpgsm.c:758 +#: sm/gpgsm.c:762 #, c-format msgid "libksba is too old (need %s, have %s)\n" msgstr "Die Bibliothek Libksba is nicht aktuell (benötige %s, habe %s)\n" -#: sm/gpgsm.c:1215 +#: sm/gpgsm.c:1221 msgid "WARNING: program may create a core file!\n" msgstr "WARNUNG: Programm könnte eine core-dump-Datei schreiben!\n" -#: sm/gpgsm.c:1227 +#: sm/gpgsm.c:1233 msgid "WARNING: running with faked system time: " msgstr "WARNUNG: Ausführung mit gefälschter Systemzeit: " -#: sm/gpgsm.c:1253 +#: sm/gpgsm.c:1259 msgid "selected cipher algorithm is invalid\n" msgstr "Das ausgewählte Verschlüsselungsverfahren ist ungültig\n" -#: sm/gpgsm.c:1261 +#: sm/gpgsm.c:1267 msgid "selected digest algorithm is invalid\n" msgstr "Das ausgewählte Hashverfahren ist ungültig\n" -#: sm/gpgsm.c:1291 +#: sm/gpgsm.c:1297 #, c-format msgid "can't sign using `%s': %s\n" msgstr "Signieren mit `%s' nicht möglich: %s\n" -#: sm/gpgsm.c:1464 +#: sm/gpgsm.c:1470 msgid "this command has not yet been implemented\n" msgstr "Diee Kommando wurde noch nicht implementiert\n" -#: sm/gpgsm.c:1694 sm/gpgsm.c:1731 +#: sm/gpgsm.c:1700 sm/gpgsm.c:1737 #, c-format msgid "can't open `%s': %s\n" msgstr "Datei `%s' kann nicht geöffnet werden: %s\n" diff --git a/scd/ChangeLog b/scd/ChangeLog index 3e8292dee..df22c6bfd 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog 
@@ -1,3 +1,9 @@ +2005-09-06 Werner Koch + + * app-p15.c (do_sign): Tweaked for BELPIC cards. + (read_home_df): New arg R_BELPIC. + (app_select_p15): Set card type for BELPIC. + 2005-09-05 Werner Koch * iso7816.c (iso7816_select_path): New. diff --git a/scd/app-p15.c b/scd/app-p15.c index c8d38850b..bf3c4dc1e 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -39,8 +39,10 @@ typedef enum { CARD_TYPE_UNKNOWN, CARD_TYPE_TCOS, - CARD_TYPE_MICARDO - } card_type_t; + CARD_TYPE_MICARDO, + CARD_TYPE_BELPIC /* Belgian eID card specs. */ + } +card_type_t; /* A list card types with ATRs noticed with these cards. */ #define X(a) ((unsigned char const *)(a)) @@ -2771,6 +2773,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, + the largest OID prefix above. */ prkdf_object_t prkdf; /* The private key object. */ aodf_object_t aodf; /* The associated authentication object. */ + int no_data_padding = 0; /* True if the card want the data without padding.*/ + int mse_done = 0; /* Set to true if the MSE has been done. */ if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); 
@@ -2833,6 +2837,35 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, return err; } + + /* Due to the fact that the non-repudiation signature on a BELPIC + card requires a ver verify immediately before the DSO we set the + MSE before we do the verification. Other cards might allow to do + this also but I don't want to break anything, thus we do it only + for the BELPIC card here. */ + if (app->app_local->card_type == CARD_TYPE_BELPIC) + { + unsigned char mse[5]; + + mse[0] = 4; /* Length of the template. */ + mse[1] = 0x80; /* Algorithm reference tag. */ + mse[2] = 0x02; /* Algorithm: RSASSA-PKCS1-v1.5 using SHA1. */ + mse[3] = 0x84; /* Private key reference tag. */ + mse[4] = prkdf->key_reference_valid? prkdf->key_reference : 0x82; + + err = iso7816_manage_security_env (app->slot, + 0x41, 0xB6, + mse, sizeof mse); + no_data_padding = 1; + mse_done = 1; + } + if (err) + { + log_error ("MSE failed: %s\n", gpg_strerror (err)); + return err; + } + + /* Now that we have all the information available, prepare and run the PIN verification.*/ if (1) @@ -2841,8 +2874,12 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, size_t pinvaluelen; const char *errstr; const char *s; - - err = pincb (pincb_arg, "PIN", &pinvalue); + + if (prkdf->usageflags.non_repudiation + && app->app_local->card_type == CARD_TYPE_BELPIC) + err = pincb (pincb_arg, "PIN (qualified signature!)", &pinvalue); + else + err = pincb (pincb_arg, "PIN", &pinvalue); if (err) { log_info ("PIN callback returned error: %s\n", gpg_strerror (err)); @@ -2884,8 +2921,6 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, switch (aodf->pintype) { case PIN_TYPE_BCD: - errstr = "PIN type BCD is not supported"; - break; case PIN_TYPE_ASCII_NUMERIC: for (s=pinvalue; digitp (s); s++) ; 
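Review bot: The BELPIC branch fixes the card-side algorithm to SHA-1 with `mse[2] = 0x02` and never consults `hashalgo`. The later hunk at `@@ -3009,18 +3078,21 @@` then sends only `data+15, 20`, presumably the bare 20-byte digest without its prefix. If do_sign accepts any other hash before this point (not visible here), the card would sign a digest from a different algorithm as if it were SHA-1. A guard at the top of the branch makes the restriction explicit: `if (hashalgo != GCRY_MD_SHA1) return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);`. The `if (err)` test after the branch also runs for every other card type and relies on `err` being zero from the code above, so it belongs inside the braces next to the MSE call; do_sign starts and ends outside this hunk.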
@@ -2914,7 +2949,39 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, return err? err : gpg_error (GPG_ERR_BAD_PIN_METHOD); } - if (aodf->pinflags.needs_padding) + + if (aodf->pintype == PIN_TYPE_BCD ) + { + char *paddedpin; + int ndigits; + + for (ndigits=0, s=pinvalue; *s; ndigits++, s++) + ; + paddedpin = xtrymalloc (aodf->stored_length+1); + if (!paddedpin) + { + err = gpg_error_from_errno (errno); + xfree (pinvalue); + return err; + } + + i = 0; + paddedpin[i++] = 0x20 | (ndigits & 0x0f); + for (s=pinvalue; i < aodf->stored_length && *s && s[1]; s = s+2 ) + paddedpin[i++] = (((*s - '0') << 4) | ((s[1] - '0') & 0x0f)); + if (i < aodf->stored_length && *s) + paddedpin[i++] = (((*s - '0') << 4) + |((aodf->pad_char_valid?aodf->pad_char:0)&0x0f)); + + if (aodf->pinflags.needs_padding) + while (i < aodf->stored_length) + paddedpin[i++] = aodf->pad_char_valid? aodf->pad_char : 0; + + xfree (pinvalue); + pinvalue = paddedpin; + pinvaluelen = i; + } + else if (aodf->pinflags.needs_padding) { char *paddedpin; @@ -2979,7 +3046,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, } /* Manage security environment needs to be weaked for certain cards. */ - if (app->app_local->card_type == CARD_TYPE_TCOS) + if (mse_done) + err = 0; + else if (app->app_local->card_type == CARD_TYPE_TCOS) { /* TCOS creates signatures always using the local key 0. MSE may not be used. */ 
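Review bot: The BCD branch never checks the digit count against what the PIN block can hold. The header nibble is `ndigits & 0x0f` and the packing loop stops at `aodf->stored_length`, so a PIN longer than 15 digits, or longer than the stored length allows, is silently truncated and sent with a wrong length nibble. Unless the length checks earlier in do_sign (outside this hunk) already bound it, reject it before packing: `if (ndigits > 15 || (ndigits + 1) / 2 + 1 > aodf->stored_length) { xfree (pinvalue); return gpg_error (GPG_ERR_BAD_PIN); }`. Failing locally is preferable because a malformed VERIFY typically costs one of the card's retry attempts. Separately, the ASCII PIN is released with plain `xfree` and the BCD copy comes from `xtrymalloc`, so both stay in ordinary heap memory; overwriting `pinvalue` before freeing it would limit that exposure.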
@@ -3009,18 +3078,21 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, return err; } - - err = iso7816_compute_ds (app->slot, data, 35, outdata, outdatalen); + if (no_data_padding) + err = iso7816_compute_ds (app->slot, data+15, 20, outdata, outdatalen); + else + err = iso7816_compute_ds (app->slot, data, 35, outdata, outdatalen); return err; } /* Assume that EF(DIR) has been selected. Read its content and figure - out the home EF of pkcs#15. Return that home DF or 0 if not - found. */ + out the home EF of pkcs#15. Return that home DF or 0 if not found + and the value at the address of BELPIC indicates whether it was + found by the belpic aid. */ static unsigned short -read_home_df (int slot) +read_home_df (int slot, int *r_belpic) { gpg_error_t err; unsigned char *buffer; @@ -3028,6 +3100,8 @@ read_home_df (int slot) size_t buflen, n, nn; unsigned short result = 0; + *r_belpic = 0; + err = iso7816_read_binary (slot, 0, 0, &buffer, &buflen); if (err) { @@ -3040,9 +3114,9 @@ read_home_df (int slot) if (p && n) { pp = find_tlv (p, n, 0x4f, &nn); - if (pp - && ((nn == sizeof pkcs15_aid && !memcmp (pp, pkcs15_aid, nn)) - ||(nn == sizeof pkcs15be_aid && !memcmp (pp, pkcs15be_aid, nn)))) + if (pp && ((nn == sizeof pkcs15_aid && !memcmp (pp, pkcs15_aid, nn)) + || (*r_belpic = (nn == sizeof pkcs15be_aid + && !memcmp (pp, pkcs15be_aid, nn))))) { pp = find_tlv (p, n, 0x50, &nn); if (pp) /* fixme: Filter log value? */ 
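Review bot: The rewritten comment above read_home_df names the out-parameter BELPIC, while the new signature calls it `r_belpic`, and the sentence runs the return value and the flag together. Something like `Return that home DF or 0 if not found. Store 1 at R_BELPIC if the entry was matched by the BELPIC AID and 0 otherwise.` says the same thing unambiguously. In the same hunk, `data+15, 20` and `data, 35` depend on the layout of `data` built earlier in do_sign; a short comment on what the 15-byte offset skips would help the next reader. The body of read_home_df continues outside this hunk.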
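Review bot: In the `@@ -3040,9 +3114,9 @@` hunk, `*r_belpic` is assigned inside the `||` chain of the `if` condition, so whether the flag is written depends on short-circuit evaluation of the first AID comparison. That is easy to misread, since the flag later selects the BELPIC signing path. Computing it first keeps the condition free of side effects: `int be = pp && nn == sizeof pkcs15be_aid && !memcmp (pp, pkcs15be_aid, nn);` then `*r_belpic = be;`, with `|| be` as the second alternative in the test. The enclosing function starts and ends outside this hunk.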
@@ -3072,10 +3146,15 @@ app_select_p15 (app_t app) unsigned short def_home_df = 0; card_type_t card_type = CARD_TYPE_UNKNOWN; int direct = 0; - + int is_belpic = 0; + rc = iso7816_select_application (slot, pkcs15_aid, sizeof pkcs15_aid); if (rc) - rc = iso7816_select_application (slot, pkcs15be_aid, sizeof pkcs15be_aid); + { + rc = iso7816_select_application (slot, pkcs15be_aid,sizeof pkcs15be_aid); + if (!rc) + is_belpic = 1; + } if (rc) { /* Not found: Try to locate it from 2F00. We use direct path selection here because it seems that the Belgian eID card @@ -3087,7 +3166,7 @@ app_select_p15 (app_t app) if (!rc) { direct = 1; - def_home_df = read_home_df (slot); + def_home_df = read_home_df (slot, &is_belpic); if (def_home_df) { path[0] = def_home_df; @@ -3102,24 +3181,33 @@ app_select_p15 (app_t app) } if (!rc) { - /* We need to know the ATR for tweaking some security operations. */ - unsigned char *atr; - size_t atrlen; - int i; - - atr = apdu_get_atr (app->slot, &atrlen); - if (!atr) - rc = gpg_error (GPG_ERR_INV_CARD); + /* Determine the type of the card. The general case is to look + it up from the ATR table. For the Belgian eID card we know + it instantly from the AID. */ + if (is_belpic) + { + card_type = CARD_TYPE_BELPIC; + } else { - for (i=0; card_atr_list[i].atrlen; i++) - if (card_atr_list[i].atrlen == atrlen - && !memcmp (card_atr_list[i].atr, atr, atrlen)) - { - card_type = card_atr_list[i].type; - break; - } - xfree (atr); + unsigned char *atr; + size_t atrlen; + int i; + + atr = apdu_get_atr (app->slot, &atrlen); + if (!atr) + rc = gpg_error (GPG_ERR_INV_CARD); + else + { + for (i=0; card_atr_list[i].atrlen; i++) + if (card_atr_list[i].atrlen == atrlen + && !memcmp (card_atr_list[i].atr, atr, atrlen)) + { + card_type = card_atr_list[i].type; + break; + } + xfree (atr); + } } } if (!rc) diff --git a/scd/command.c b/scd/command.c index 52a86871e..d556822a2 100644 --- a/scd/command.c +++ b/scd/command.c 
@@ -667,7 +667,7 @@ pin_cb (void *opaque, const char *info, char **retstr) return gpg_error (gpg_err_code_from_errno (errno)); /* Fixme: Write an inquire function which returns the result in - secure memory and check all futher handling of the PIN. */ + secure memory and check all further handling of the PIN. */ rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN); free (command); if (rc)