gpg: Add new field no 18 to the colon listing.

* g10/misc.c (gnupg_pk_is_compliant): New.
* g10/keylist.c (print_compliance_flags): New.
(list_keyblock_colon): Call it here.
* sm/keylist.c (print_compliance_flags): New.
(list_cert_colon): Call it here.
--

This patch is to convey information about DE_VS compliant keys to the
caller.  The double digit value is used so that parsers do the right
thing and don't just look for a single digit.

Signed-off-by: Werner Koch <wk@gnupg.org>

sm/keylist.c

@@ -346,6 +346,14 @@ email_kludge (const char *name)
 }
 
 
+/* Print the compliance flags to field 18.  ALGO is the gcrypt algo
+ * number.  NBITS is the length of the key in bits.  */
+static void
+print_compliance_flags (int algo, unsigned int nbits, estream_t fp)
+{
+  if (algo == GCRY_PK_RSA && nbits >= 2048)
+    es_fputs ("23", fp);
+}
 
 
 /* List one certificate in colon mode */
@@ -496,6 +504,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
   print_capabilities (cert, fp);
   /* Field 13, not used: */
   es_putc (':', fp);
+  /* Field 14, not used: */
+  es_putc (':', fp);
   if (have_secret || ctrl->with_secret)
     {
       char *cardsn;
@@ -504,18 +514,20 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
       if (!gpgsm_agent_keyinfo (ctrl, p, &cardsn)
           && (cardsn || ctrl->with_secret))
         {
-          /* Field 14, not used: */
-          es_putc (':', fp);
           /* Field 15:  Token serial number or secret key indicator.  */
           if (cardsn)
             es_fputs (cardsn, fp);
           else if (ctrl->with_secret)
             es_putc ('+', fp);
-          es_putc (':', fp);
         }
       xfree (cardsn);
       xfree (p);
     }
+  es_putc (':', fp);  /* End of field 15. */
+  es_putc (':', fp);  /* End of field 16. */
+  es_putc (':', fp);  /* End of field 17. */
+  print_compliance_flags (algo, nbits, fp);
+  es_putc (':', fp);  /* End of field 18. */
   es_putc ('\n', fp);
 
   /* FPR record */