gpgsm: New option --compatibility-flags.

* sm/gpgsm.c (oCompatibilityFlags): New option. (compatibility_flags): new. (main): Parse and print them in verbose mode. * sm/gpgsm.h (opt): Add field compat_glags.: (COMPAT_ALLOW_KA_TO_ENCR): New. * sm/keylist.c (print_capabilities): Take care of the new flag. * sm/certlist.c (cert_usage_p): Ditto.
2025-07-02 22:46:30 +02:00 · 2022-06-13 17:46:40 +02:00 · 2022-06-13 17:46:40 +02:00 · f0b373cec9
commit f0b373cec9
parent ce63eaa4f8
5 changed files with 76 additions and 9 deletions
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -176,6 +176,9 @@ struct
   * HEX_OR_FILENAME.  The actual value needs to be encoded as a SET OF
   * attribute values.  */
  strlist_t attributes;
+
+  /* Compatibility flags (COMPAT_FLAG_xxxx).  */
+  unsigned int compat_flags;
 } opt;

 /* Debug values and macros.  */
@ -199,6 +202,18 @@ struct
 #define DBG_CLOCK   (opt.debug & DBG_CLOCK_VALUE)
 #define DBG_LOOKUP  (opt.debug & DBG_LOOKUP_VALUE)

+
+/* Compatibility flags */
+/* Telesec RSA cards produced for NRW in 2022 came with only the
+ * keyAgreement bit set.  This flag allows there use for encryption
+ * anyway.  Example cert:
+ *    Issuer: /CN=DOI CA 10a/OU=DOI/O=PKI-1-Verwaltung/C=DE
+ * key usage: digitalSignature nonRepudiation keyAgreement
+ *  policies: 1.3.6.1.4.1.7924.1.1:N:
+ */
+#define COMPAT_ALLOW_KA_TO_ENCR   1
+
+
 /* Forward declaration for an object defined in server.c */
 struct server_local_s;