security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

scd:piv: Implement import of private keys for Yubikeys.

Browse source 
* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
 callers.
(writekey_rsa, writekey_ecc): New.
(do_writekey): New.
(do_writecert): Provide a better error message for an empty cert.
(app_select_piv): Register do_writekey.
* scd/iso7816.c (iso7816_send_apdu): New.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
* agent/command.c (cmd_keytocard): Make the timestamp optional.
* tools/card-call-scd.c (inq_writekey_parms): Remove.
(scd_writekey): Rewrite.
* tools/gpg-card.c (cmd_writekey): New.
(enum cmdids): Add cmdWRITEKEY.
(dispatch_command, interactive_loop): Call cmd_writekey.
--

This has been tested with gpgsm and RSA keys.  For ECC keys only
partly tested using the sample OpenPGP nistp256 and nistp384 keys
because gpgsm does not yet support ECC certificates and thus we can't
write the certificates to the cert object after a writekey.  Note that
they nevertheless show up in "gpgcard list" because gpg-card searches
for them in gpg and gpgsm.  However, this does not work completely.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2019-03-05 15:49:20 +01:00
parent db87132b10
commit e897e1e255
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
9 changed files with 561 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

3
agent/call-scd.c
View file

@ -1088,7 +1088,8 @@ agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
char line[ASSUAN_LINELENGTH];
struct inq_needpin_parm_s parms;
(void)serialno;
(void)serialno; /* NULL or a number to check for the correct card.
* But is is not implemented. */
err = start_scd (ctrl);
if (err)

14
agent/command.c
View file

@ -2486,8 +2486,8 @@ cmd_delete_key (assuan_context_t ctx, char *line)
static const char hlp_keytocard[] =
"KEYTOCARD [--force] <hexgrip> <serialno> <keyref> [<timestamp>]\n"
"\n"
"TIMESTAMP is required for OpenPGP and defaults to the Epoch."
;
"TIMESTAMP is required for OpenPGP and defaults to the Epoch. The\n"
"SERIALNO is used for checking; use \"-\" to disable the check.";
static gpg_error_t
cmd_keytocard (assuan_context_t ctx, char *line)
{
@ -2527,8 +2527,18 @@ cmd_keytocard (assuan_context_t ctx, char *line)
goto leave;
}
/* Note that checking of the s/n is currently not implemented but we
* want to provide a clean interface if we ever implement it. */
serialno = argv[1];
if (!strcmp (serialno, "-"))
serialno = NULL;
keyref = argv[2];
/* FIXME: Default to the creation time as stored in the private
* key. The parameter is here so that gpg can make sure that the
* timestamp as used for key creation (and thus the openPGP
* fingerprint) is used. */
timestamp_str = argc > 3? argv[3] : "19700101T000000";
if ((timestamp = isotime2epoch (timestamp_str)) == (time_t)(-1))