1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

9038 Commits

Author SHA1 Message Date
NIIBE Yutaka
da5e0bc31b gpg: Use bytes for ECDH.
* g10/ecdh.c (extract_secret_x): Use byte * instead of MPI.
(prepare_ecdh_with_shared_point): Use char * instead of MPI.
(pk_ecdh_encrypt_with_shared_point): Likewise.
(pk_ecdh_decrypt): Likewise.
* g10/pkglue.h (pk_ecdh_encrypt_with_shared_point, pk_ecdh_decrypt):
Change declaration.
* g10/pkglue.c (get_data_from_sexp): New.
(pk_encrypt): Use get_data_from_sexp instead of get_mpi_from_sexp.
Follow the change of pk_ecdh_encrypt_with_shared_point.
* g10/pubkey-enc.c (get_it): Follow the change of pk_ecdh_decrypt.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-09 15:45:51 +09:00
NIIBE Yutaka
e9760eb9e7 gpg: Add X448 support.
* common/openpgp-oid.c (oidtable): Add X448.
(oid_x448,openpgp_oidbuf_is_x448,openpgp_oid_is_x448): New.
* common/util.h (openpgp_oid_is_x448): New.
* g10/ecdh.c (gen_k): Add handling of opaque MPI and support
endianness.
(pk_ecdh_generate_ephemeral_key): X448 requires opaque MPI.
* g10/keygen.c (gen_ecc): Add support for X448.
(ask_algo, parse_key_parameter_part): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-09 14:56:50 +09:00
NIIBE Yutaka
f5bc945554 gpg,ecc: Handle external representation as SOS with opaque MPI.
* g10/pkglue.h (sexp_extract_param_sos): New.
* g10/build-packet.c (sos_write): New.
(do_key, do_pubkey_enc, do_signature): Use sos_write for ECC.
* g10/export.c (cleartext_secret_key_to_openpgp): Use
sexp_extract_param_sos.
(transfer_format_to_openpgp): Use opaque MPI for ECC.
* g10/keygen.c (ecckey_from_sexp): Use sexp_extract_param_sos.
* g10/keyid.c (hash_public_key): Handle opaque MPI for SOS.
* g10/parse-packet.c (sos_read): New.
(parse_pubkeyenc,parse_signature,parse_key): Use sos_read for ECC.
* g10/pkglue.c (sexp_extract_param_sos): New.
(pk_verify): Handle opaque MPI for SOS.
(pk_encrypt): Use sexp_extract_param_sos.
* g10/seskey.c (encode_session_key): Use opaque MPI.
* g10/sign.c (do_sign): Use sexp_extract_param_sos.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-09 10:32:47 +09:00
Werner Koch
5c2080f467
gpg: If possible TRUST values now depend on signer's UID or --sender.
* g10/mainproc.c (check_sig_and_print): Add failsafe check for PK.
Pass KEYBLOCK down do check_signatures_trust.  Protect existsing error
ocde in case the signature expired.
* g10/pkclist.c (is_in_sender_list): New.
(check_signatures_trust): Add args keyblock and pk.  Add new uid based
checking code.
* g10/test-stubs.c, g10/gpgv.c: Adjust stubs.
--

GnuPG-bug-id: 4735
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-08 20:13:25 +02:00
Werner Koch
61bb75d045
build: Fix recent commit for SOURCE_DATE_EPOCH.
--

Fixes-commit: 074ab108e768b2f946d789c1f3a7f14a65e07c52
which was recently pushed to make use of $SOURCE_DATE_EPOCH
as fallback.

Also fixes two typos
2020-06-08 18:45:55 +02:00
Werner Koch
c1c607a51c
doc: Minor code comment fixes.
--
2020-06-08 15:22:58 +02:00
NIIBE Yutaka
e2e5736842 agent: Fix the condition to detect leading 0x00 problem.
* agent/sexp-secret.c (fixup_when_ecc_private_key): Use curve name
to identify the issue.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-08 10:55:16 +09:00
NIIBE Yutaka
47c1c329ed agent,ecc: Use of opaque MPI for ECC, fixup 'd'.
* agent/Makefile.am: Add sexp-secret.c.
* agent/agent.h: New function declarations.
* agent/sexp-secret.c: New.
* agent/findkey.c (agent_key_from_file): Use sexp_sscan_private_key.
* agent/protect-tool.c (read_and_unprotect): Fix up private part,
calling fixup_when_ecc_private_key.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-05 10:35:33 +09:00
NIIBE Yutaka
2b11851624 agent: For ECC, use opaque MPI for key representation.
* agent/cvt-openpgp.c (scan_pgp_format): New with SOS support.
(do_unprotect): Use scan_pgp_format, handle opaque MPI for ECC.
(convert_from_openpgp_main): Use opaque MPI for ECC.
(apply_protection): Set GCRYMPI_FLAG_USER1 flag for encrypted secret.
(extract_private_key): Use "/qd" for ECC, opaque MPI.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-05 10:09:05 +09:00
NIIBE Yutaka
a7d46c78e2 agent,ssh: Tighten condition for EdDSA.
* agent/command-ssh.c (ssh_key_to_blob): Prepare for non-prefixed
point representation of EdDSA.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-05 09:20:21 +09:00
NIIBE Yutaka
2e988546c5 agent: Remove duplicated code for EdDSA.
* agent/command-ssh.c (ssh_receive_key): Curve is "Ed25519".
Use sexp_key_construct always.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-05 09:13:52 +09:00
NIIBE Yutaka
4c0b12f817 agent: Clean up do_encode_md.
* agent/pksign.c (do_encode_md): Directly use sexp_build.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-05 09:05:05 +09:00
Werner Koch
074ab108e7
doc: Minor enhancement for reproducibility.
* doc/Makefile.am (defsincdate): In no repo mode and with
SOURCE_DATE_EPOCH set, use that instead of blanking the date.
--

GnuPG-bug-id: 4947
2020-06-03 17:15:33 +02:00
Werner Koch
4f6e0e12cb
card: Improve openpgp key writing in "writecert".
* tools/card-keys.c (struct export_key_status_parm_s): New.
(export_key_status_cb): New.
(get_minimal_openpgp_key): New.
* tools/gpg-card.c (cmd_writecert): Allow writing a keyblock directly
from an existing gpg key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 16:25:59 +02:00
Werner Koch
48251cf9a7
gpg: Improve generation of keys stored on card (brainpool,cv25519).
* g10/keygen.c (ask_key_flags_with_mask): Allow more than ECDH for
legacy curves.
(ask_algo): Tweak mapping of ECC to OpenPGP algos
(parse_key_parameter_part): Ditto.
(generate_subkeypair): Create the subkey with the time stored on the
card.
--

This fixes two problems with generating keys from a card:

1. The key usage is now set correctly for brainpool curves.

2. The add-key and --quick-add-key commands now also take the creation
   time from the time stored on the card.  Without that we would need
   to update the creation time and fingerprint already stored on the
   card which is a no-go if another key has already been created using
   that on-card key.

Note: To create a key on a card without an OpenPGP keyblock use
gpg-card.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 16:22:42 +02:00
Werner Koch
7558128e16
sm: Fix recently introduced regression in CSR creation.
* sm/certreqgen.c (create_request): Also set SIGKEYLEN.
--

Fixes-commit: 44676819f2873705b78849e7b2fd22214b691642
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 11:21:10 +02:00
NIIBE Yutaka
f3df8dbb69 scd: Fix condition for C5 data object for newer Yubikey.
* scd/app-openpgp.c (compare_fingerprint): Relax the condition.

GnuPG-bug-id: 4957
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-29 11:18:50 +09:00
Werner Koch
2d9592e78f
card: Allow to store and retrieve keyblocks in OpenPGP cards.
* tools/gpg-card.c: Include tlv.h.
(cmd_writecert): Add option --openpgp.
(cmd_readcert): Ditto.
--

We use the CERT object for this and encapsulate the key block in a CMS
object.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-28 15:55:54 +02:00
Werner Koch
ed0759f39b
card: New command "apdu"
* tools/card-call-scd.c (scd_apdu): Add optional arg 'options'.
* tools/gpg-card.c (cmd_apdu): New.
(enum cmdids): Add cmdAPDU.
(dispatch_command): Add command "apdu".
(interactive_loop): Ditto.
--

This command is hidden because it can be used to brick a card.  The
command is basically the same as sending "scd apdu" in
gpg-connect-agent but here we do full decoding and printing in hex.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-28 13:00:27 +02:00
Werner Koch
94d31660c6
card: Update card info after "generate".
* tools/gpg-card.c (cmd_generate): Re-read the card on success.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-27 13:48:20 +02:00
Werner Koch
2149676122
scd:openpgp: New KEY-STATUS attribute.
* scd/app-openpgp.c (do_getattr): Return KEY-STATUS
2020-05-27 13:47:13 +02:00
Werner Koch
08310849a2
card: Add command "bye"
* tools/gpg-card.c: Add command "bye" as alias for "quit".
* tools/gpg-connect-agent.c (main): Add "/quit" as alias for "/bye"
2020-05-27 11:43:14 +02:00
Werner Koch
46a3de4b5a
card: Take care of removed and re-inserted cards.
* tools/gpg-card.c (cmd_list): Take care of the need_sn_cmd flag.
(cmd_factoryreset): Clear that flag.
(dispatch_command): Set flag after a reset and after a
CARD_NOT_PRESENT error.
--
2020-05-27 11:27:32 +02:00
Werner Koch
c2a47475ba
card: Implement UID command and print capabilities.
* tools/card-call-scd.c (learn_status_cb): Return the full value for
UIF.  Add info about SM, MCL3, and PD.
* tools/gpg-card.h (struct card_info_s): Add corresponding fields.
* tools/gpg-card.c (list_openpgp): Print capabilities.  Print the
permanent flag for UIF.
(cmd_uif): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-26 16:24:12 +02:00
Werner Koch
11f0700282
scd:openpgp: Add attribute "UIF" for convenience.
* scd/app-openpgp.c (do_getattr): New attrubute "UIF".
(do_learn_status): Use that.
--

Actually this is not just convenience but will make it easier to add
new keys to an openpgp card - we will need to change this only at one
place.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-26 16:24:12 +02:00
Werner Koch
2009088670
scd: Fix Yubikey app switching problem
* scd/app.c (select_all_additional_applications_internal): Re-select
first app.  Add arg 'ctrl'.
--

Usually keygrip based access to the Yubikey does a switching back and
forth and thus keeps the card and scdaemon's internal state in sync.
However, if we do only a listing scdaemon did not reselect the first
application (e.g. OpenPGP) after adding other applications (e.g. PIV)
and thus led to wrong info returned in a listing.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-26 16:24:12 +02:00
NIIBE Yutaka
510bda7d37 gpg: Clean up ECDH code path (5).
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Now, it's only for
encrytion.
(pk_ecdh_decrypt): Use prepare_ecdh_with_shared_point and move decrypt
code path in original pk_ecdh_encrypt_with_shared_point here.
* g10/pkglue.h (pk_ecdh_encrypt_with_shared_point): Change API.
* g10/pkglue.c (pk_encrypt): Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 11:58:21 +09:00
NIIBE Yutaka
64d93271bf gpg: Clean up ECDH code path (4).
* g10/ecdh.c (prepare_ecdh_with_shared_point): New.
(pk_ecdh_encrypt_with_shared_point): Fixing error paths for closing
the cipher handle, use prepare_ecdh_with_shared_point.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 11:44:36 +09:00
NIIBE Yutaka
80c02d13d9 gpg: Clean up ECDH code path (3).
* g10/ecdh.c (derive_kek): New.
(pk_ecdh_encrypt_with_shared_point): Use derive_kek.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 11:24:38 +09:00
NIIBE Yutaka
a973d91138 gpg: Clean up ECDH code path (2).
* g10/ecdh.c (build_kdf_params): New.
(pk_ecdh_encrypt_with_shared_point): Use build_kdf_params, and check
things before extract_secret_x.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 10:40:47 +09:00
NIIBE Yutaka
960d37644c gpg: Clean up ECDH code path (1).
* g10/ecdh.c (extract_secret_x): New.
(pk_ecdh_encrypt_with_shared_point): Use extract_secret_x.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-22 10:04:35 +09:00
NIIBE Yutaka
30eef28bc0 dirmngr: dns: Fix allocation of string buffer in stack.
* dirmngr/dns.h (dns_strsection, dns_strclass)
(dns_strtype): Change APIs.
* dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection.
(dns_rr_print): Use __dst for dns_strclass and dns_strtype.
(dns_trace_dump): Likewise.
(dns_ai_print): Use __dst for dns_strtype.
(dns_strsection): Add an argument __dst for storage.
(dns_strclass, dns_strtype): Likewise.
(parse_packet): Use __dst for dns_strsection.
(send_query): Use __dst for dns_strtype.
(isection): Use __dst for dns_strsection.
(iclass): Use __dst for dns_strclass.
(itype): Use __dst for dns_strtype.

GnuPG-bug-id: 4934
Reported-by: Tomas Mraz
Fixes-commit: 455ef62d29a112de05897139716265d07e4c6ae3
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-05-20 19:44:38 +09:00
Werner Koch
44676819f2
sm: Create ECC certificates with AKI and SKI by default.
* sm/certreqgen.c (create_request): Create AKI and SKI by default.
--
GnuPG-bug-id: 4098

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-19 14:30:24 +02:00
Werner Koch
3cd9dac7e0
common: New function to extract Q from an ECC key.
* common/sexputil.c (get_ecc_q_from_canon_sexp): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-19 14:28:48 +02:00
Werner Koch
6dc3846d78
sm: Support creation of EdDSA certificates.
* sm/misc.c (transform_sigval): Support EdDSA.
* sm/certreqgen.c (create_request): Support EdDSA cert creation.
* sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to
hash algos.
* sm/call-agent.c (struct sethash_inq_parm_s): New.
(sethash_inq_cb): New.
(gpgsm_agent_pksign): Add mode to pass plain data for EdDSA.
--

Tested using a parameter file

    Key-Type: EdDSA
    Key-Length: 1024
    Key-Grip: 09D9AE3D494F7888C93BE5106AD8A734A87617F0
    Key-Usage: sign
    Serial: random
    Name-DN: CN=dummy test ed25519

where the keygrip is from a gpg generated Ed25519 key.  ECDSA was
tested using

    Key-Type: ECDSA
    Key-Length: 1024
    Key-Grip: 8E06A180EFFE4C65B812150CAF19BF30C0689A4C
    Key-Usage: sign
    Serial: random
    Name-DN: CN=dummy test nistp256

and RSA using

    Key-Type: RSA
    Key-Length: 2048
    Key-Grip: C6A6390E9388CDBAD71EAEA698233FE5E04F001E
    Key-Usage: sign
    Serial: random
    Name-DN: CN=dummy test rsa

The command used in all cases is

  gpgsm -v --gen-key --batch  a.parm >a.crt
  gpgsm -v --import <a.crt

More support, in particular in the user interface, is required and
will follow soon.

GnuPG-bug-id: 4888
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-18 19:32:30 +02:00
Werner Koch
b18fb0264a
agent: Allow to use SETHASH for arbitrary data.
* agent/agent.h (struct server_control_s): Add field digest.data.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Free that field.
* agent/command.c (reset_notify): Ditto.
(start_command_handler): ditto.
(cmd_sethash): Add new option --inquire.
* agent/call-scd.c (agent_card_pksign): For now return an error if
inquire mode was used.
* agent/command-ssh.c (ssh_handler_sign_request): Make sure
digest.data is cleared.
* agent/divert-scd.c (divert_pksign): Implement inquire mode.
* agent/pksign.c (agent_pksign_do): Ditto.
--

This is required to support EdDSA according to RFC8410.

GnuPG-bug-id: 4888
2020-05-18 19:24:41 +02:00
Werner Koch
b1694987bb
sm: Support import and verification of EdDSA certificates.
* sm/certdump.c (gpgsm_get_serial): New.
* sm/certcheck.c (gpgsm_check_cert_sig): Support EdDSA signatures.
--

Note that this does not work with the self-signed RFC-8410 sample
certificate; see the code for comments.

The Ed488 case has not been tested due to a lack of support in
Libgcrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-13 21:22:28 +02:00
Werner Koch
f44d395bdf
sm: Support signing using ECDSA.
* sm/gpgsm.h (struct certlist_s): Add helper field pk_algo.
* sm/sign.c (gpgsm_sign): Store the public key algo.  Take the hash
algo from the curve.  Improve diagnostic output in verbose mode.
--

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-11 18:41:21 +02:00
Werner Koch
68b857df13
sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.
* sm/decrypt.c (ecdh_decrypt): Support
dhSinglePass-stdDH-sha1kdf-scheme.  Factor key derive code out to ...
(ecdh_derive_kek): new global function.  Allow for hashs shorter than
the key.
(hash_ecc_cms_shared_info): Make file-only.
* sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the
new ecdh_derive_kek.  Add test code to create data using
dhSinglePass-stdDH-sha1kdf-scheme.
* sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf.
* sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf.
--

I did some test against

  Governikus_Signer:       2.9.2.0
  MCard security Provider: 2.4.0
  Algorithm catalog from:  05.12.2019

using a Signature Card v2.0 and a nistp256 certificate.  Encrypting
with Governikus used the stdDH-sha1kdf scheme which we can now
decrypt.  Encrypting with GPGSM uses for that curve the recommended
scheme sha256kdf but Governikus was not able to decrypt this (no
usable error message).  Encrypting using stdDH-sha1kdf with GPGSM by
using the new --debug-force-ecdh-sha1kdf option showed that
Governikus was able to decrypt this.

FWIW: RFC5753 (Use of Elliptic Curve Cryptography (ECC) Algorithms)
has this requirement:

   Implementations that support EnvelopedData with the
   ephemeral-static ECDH standard primitive:

   - MUST support the dhSinglePass-stdDH-sha256kdf-scheme key
     agreement algorithm, the id-aes128-wrap key wrap algorithm, and
     the id-aes128-cbc content encryption algorithm; and

which Governikus seems not to fulfill.

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-08 18:08:50 +02:00
Werner Koch
439c9b5cb5
sm: Print algorithm infos in data decryption mode.
* common/sexputil.c (cipher_mode_to_string): New.
* sm/decrypt.c (prepare_decryption): Show cipher algo and mode.
(gpgsm_decrypt): Show key algo and fingerprint

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-08 15:21:51 +02:00
Werner Koch
34b628db46
sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.
* common/sexputil.c (pubkey_algo_to_string): New.
* sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC.
* sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms.
* sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA.
* sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA.  Use new pubkey
algo name function

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-08 15:10:13 +02:00
Werner Koch
a759fa963a
sm: Improve readability of the data verification output.
* sm/verify.c (gpgsm_verify): Print the used algorithms.
--

Note that we now use the full fingerprint instead of the certificate
id.  This better aligns with what we do in gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-08 13:42:51 +02:00
Werner Koch
9496634745
card: Allow listing of NKS cards.
* tools/card-call-scd.c (learn_status_cb): Always fill chvinfo.
* tools/gpg-card.h (struct card_info_s): Increase size of chvinfo and
chvmaxlen.
* tools/gpg-card.c (list_nks): New.
(print_a_version): Support single part version numbers.
(list_card): Call list_nks.
--

Note that chvmaxlen is not yet used with NKS.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 19:47:07 +02:00
Werner Koch
1f6a39092f
scd:nks: Add framework to support IDKey cards.
* scd/app-nks.c (NKS_APP_IDLM): New.
(struct app_local_s): Replace NKS_VERSION by the global APPVERSION.
(do_learn_status): Always send CHV-STATUS.
(find_fid_by_keyref): Basic support for IDLM only use.
(do_learn_status_core): Ditto.
(do_readcert): Ditto.
(verify_pin): Ditto.
(parse_pwidstr): Ditto.
(do_with_keygrip): Ditto.
(switch_application): Ditto.
(app_select_nks): Fallback to IDLM.
--
2020-05-07 19:44:45 +02:00
Werner Koch
549998d1d0
sm: Fix annoying warning about not yet implemented --attribute.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 14:04:43 +02:00
Werner Koch
aecc008acb
scd:nks: Get the PIN prompts right for the Signature Card
* scd/app-nks.c (get_dispserialno): Move more to the top.
(do_getattr): Add $DISPSERIALNO and SERIALNO.  Make CHV-STATUS work
with NKS15.
(verify_pin): Use dedicated min. PIN lengths.
(parse_pwidstr): Support NKS15
--

GnuPG-bug-id: 4938
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 14:03:38 +02:00
Werner Koch
5c29d25e6c
sm: Print the key types as standard key algorithm strings.
* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
(gpgsm_get_key_algo_info2): new.
(gpgsm_pubkey_algo_string): New.
* sm/keylist.c (list_cert_colon): Put curve into field 17
(list_cert_raw): Print the unified key algotithm string instead of the
algo and size.
(list_cert_std): Ditto.
--

It is important to known whether a 256 bit ECC uses a NIST or a
Brainpool curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 09:45:49 +02:00
Werner Koch
af45d884aa
scd:nks: Support decryption using ECDH.
* scd/app-nks.c (struct fid_cache_s): Add field 'algo'.
(keygripstr_from_pk_file): Add arg 'r_algo' to return the algo.
(find_fid_by_keyref): Ditto.
(get_dispserialno): New.
(make_prompt): New.
(verify_pin): Provide better prompts.
(do_decipher): Support ECDH.
(parse_pwidstr): Add hack tospecify any pwid..
(do_change_pin): Support Signature Card V2.0 (NKS15) style NullPIN.
Provide a better prompt.
--

GnuPG-bug-id: 4938
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 08:18:28 +02:00
Werner Koch
ee6d29f179
sm: Support decryption of ECDH data using a smartcard.
* sm/decrypt.c (ecdh_decrypt): Add arg nbits and detect bare secret.
(prepare_decryption): Add arg nbits and pass on.
(gpgsm_decrypt): Pass size of curve to prepare_decryption.
--

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-07 08:03:26 +02:00
Werner Koch
314859d7e7
scd: Extend an internal function to also return the algo.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_algo.  Change all callers.
(app_help_get_keygrip_string): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-05 08:07:11 +02:00