scd:p15: Return the creation time of the keys.

* scd/app-p15.c (struct prkdf_object_s): Add keytime and keyalgostr. (keygrip_from_prkdf): Set them. (send_keypairinfo): Extend KEYPAIRINFO. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-02 12:01:32 +01:00 · 2021-03-30 10:27:20 +02:00 · 2021-03-30 10:27:20 +02:00 · de4d3c99aa
commit de4d3c99aa
parent d1bac0a3be
2 changed files with 39 additions and 0 deletions
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -1229,6 +1229,13 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
    OPENPGP.129) and <string> is the algoritm or curve name, which
    is available for the key.

+*** KEY-TIME <keyref> <timestamp>
+    This is a response from scdaemon on GETATTR KEY-TIME.  A keyref of
+    1 gives the timestamp for the standard OpenPGP signing key, 2 for
+    the encryption key, and 3 for an authentication key.  Note that a
+    KEYPAIRINFO status lines carries the same information and should
+    be preferred.
+
 * Format of the --attribute-fd output

  When --attribute-fd is set, during key listings (--list-keys,
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@ -288,6 +288,9 @@ struct prkdf_object_s
  /* The keygrip of the key.  This is used as a cache.  */
  char keygrip[2*KEYGRIP_LEN+1];

+  /* A malloced algorithm string or NULL if not known.  */
+  char *keyalgostr;
+
  /* The Gcrypt algo identifier for the key.  It is valid if the
   * keygrip is also valid.  See also is_ecc above.  */
  int keyalgo;
@ -296,6 +299,9 @@ struct prkdf_object_s
   * modulus).  It is valid if the keygrip is also valid.  */
  unsigned int keynbits;

+  /* The creation time of the key or 0 if not known.  */
+  u32 keytime;
+
  /* Malloced CN from the Subject-DN of the corresponding certificate
   * or NULL if not known.  */
  char *common_name;
@ -539,6 +545,7 @@ release_prkdflist (prkdf_object_t a)
  while (a)
    {
      prkdf_object_t tmp = a->next;
+      xfree (a->keyalgostr);
      xfree (a->common_name);
      xfree (a->serial_number);
      xfree (a->objid);
@ -3840,6 +3847,19 @@ keygrip_from_prkdf (app_t app, prkdf_object_t prkdf)
        }
    }

+  if (!err && !prkdf->keytime)
+    {
+      ksba_isotime_t isot;
+      time_t t;
+
+      ksba_cert_get_validity (cert, 0, isot);
+      t = isotime2epoch (isot);
+      prkdf->keytime = (t == (time_t)(-1))? 0 : (u32)t;
+    }
+
+  if (!err && !prkdf->keyalgostr)
+    prkdf->keyalgostr = pubkey_algo_string (s_pkey, NULL);
+
  ksba_cert_release (cert);
  if (err)
    goto leave;
@ -3917,6 +3937,8 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t prkdf)
      else
        {
          char usage[5];
+          char keytime[20];
+          const char *algostr;
          size_t usagelen = 0;

          if (prkdf->gpgusage.any)
@ -3953,10 +3975,20 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t prkdf)
            }

          log_assert (strlen (prkdf->keygrip) == 40);
+          if (prkdf->keytime)
+            snprintf (keytime, sizeof keytime, "%lu",
+                      (unsigned long)prkdf->keytime);
+          else
+            strcpy (keytime, "-");
+
+          algostr = prkdf->keyalgostr;
+
          send_status_info (ctrl, "KEYPAIRINFO",
                            prkdf->keygrip, 2*KEYGRIP_LEN,
                            buf, strlen (buf),
                            usage, usagelen,
+                            keytime, strlen (keytime),
+                            algostr, strlen (algostr?algostr:""),
                            NULL, (size_t)0);
        }
      xfree (buf);