scd:piv: Implement import of private keys for Yubikeys.

* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust callers. (writekey_rsa, writekey_ecc): New. (do_writekey): New. (do_writecert): Provide a better error message for an empty cert. (app_select_piv): Register do_writekey. * scd/iso7816.c (iso7816_send_apdu): New. * scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New. * agent/command.c (cmd_keytocard): Make the timestamp optional. * tools/card-call-scd.c (inq_writekey_parms): Remove. (scd_writekey): Rewrite. * tools/gpg-card.c (cmd_writekey): New. (enum cmdids): Add cmdWRITEKEY. (dispatch_command, interactive_loop): Call cmd_writekey. -- This has been tested with gpgsm and RSA keys. For ECC keys only partly tested using the sample OpenPGP nistp256 and nistp384 keys because gpgsm does not yet support ECC certificates and thus we can't write the certificates to the cert object after a writekey. Note that they nevertheless show up in "gpgcard list" because gpg-card searches for them in gpg and gpgsm. However, this does not work completely. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2019-03-05 15:49:20 +01:00 · 2019-03-05 15:49:20 +01:00 · e897e1e255
commit e897e1e255
parent db87132b10
9 changed files with 561 additions and 54 deletions
--- a/tools/gpg-card.h
+++ b/tools/gpg-card.h
@ -208,8 +208,7 @@ gpg_error_t scd_setattr (const char *name,
                         const unsigned char *value, size_t valuelen);
 gpg_error_t scd_writecert (const char *certidstr,
                           const unsigned char *certdata, size_t certdatalen);
-gpg_error_t scd_writekey (int keyno,
-                          const unsigned char *keydata, size_t keydatalen);
+gpg_error_t scd_writekey (const char *keyref, int force, const char *keygrip);
 gpg_error_t scd_genkey (const char *keyref, int force, const char *algo,
                        u32 *createtime);
 gpg_error_t scd_serialno (char **r_serialno, const char *demand);