1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-11 21:48:50 +01:00
Commit Graph

4 Commits

Author SHA1 Message Date
Werner Koch
2f761251c5
card: Allow "yubikey disable" only for Yubikey-5 and later.
* tools/card-yubikey.c (yubikey_commands): Add new arg INFO and test
for Yubikey-5.
* tools/gpg-card.c (cmd_yubikey): Pass info to yubikey_commands.
--

The configuration can be read from a Yubikey-4 but not be written.
The mode command is also not useful because it allows only the
selection of transports.  It does not allow to disable single
applications based on one transport (like OPGP and PIV).  Thsi patch
shows an appropriate error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-28 10:57:27 +01:00
Werner Koch
8d4af54ddd
card: Print card version. Check for bad Yubikeys.
* scd/app.c (app_new_register): Set card version for Yubikeys.
(app_write_learn_status): Print CARDVERSION and APPVERSION.
* tools/card-call-scd.c (learn_status_cb): Detect them.
* tools/gpg-card.h (struct card_info_s): Add appversion and
cardversion.
* tools/gpg-card.c (list_openpgp): Remove version printing from serial
number.
(print_a_version): New.
(list_card): Print card and app version.
(cmd_generate): Do not allow broken Yubikeys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-05 17:40:08 +01:00
Werner Koch
e897e1e255
scd:piv: Implement import of private keys for Yubikeys.
* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
 callers.
(writekey_rsa, writekey_ecc): New.
(do_writekey): New.
(do_writecert): Provide a better error message for an empty cert.
(app_select_piv): Register do_writekey.
* scd/iso7816.c (iso7816_send_apdu): New.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
* agent/command.c (cmd_keytocard): Make the timestamp optional.
* tools/card-call-scd.c (inq_writekey_parms): Remove.
(scd_writekey): Rewrite.
* tools/gpg-card.c (cmd_writekey): New.
(enum cmdids): Add cmdWRITEKEY.
(dispatch_command, interactive_loop): Call cmd_writekey.
--

This has been tested with gpgsm and RSA keys.  For ECC keys only
partly tested using the sample OpenPGP nistp256 and nistp384 keys
because gpgsm does not yet support ECC certificates and thus we can't
write the certificates to the cert object after a writekey.  Note that
they nevertheless show up in "gpgcard list" because gpg-card searches
for them in gpg and gpgsm.  However, this does not work completely.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-05 15:49:20 +01:00
Werner Koch
28de5c0ea5
card: Rename gpg-card-tool to gpg-card.
* tools/card-tool-keys.c: Rename to card-keys.c.
* tools/card-tool-misc.c: Rename to card-misc.c.
* tools/card-tool-yubikey.c: Rename to card-yubikey.c.
* tools/card-tool.h: Rename to gpg-card.h.
* tools/gpg-card-tool-w32info.rc: Rename to gpg-card-w32info.rc
* doc/card-tool.texi: Rename top gpg-card.texi

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-25 09:34:30 +01:00