1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-12 21:58:50 +01:00
Commit Graph

8861 Commits

Author SHA1 Message Date
Werner Koch
4f43b6fdae
gpgsm: Fix colon outout of ECC encryption certificates
* sm/keylist.c (print_capabilities): Add arg algo and use it to check
for ECC capabilities.
(list_cert_colon): Call with algo.
--

This will mark certificates with only keyAgreement usage correctly in
the --with-colons listing.

(cherry picked from commit f5c3f13609)
2022-11-15 16:32:24 +01:00
Werner Koch
8a9a473564
scd:nks: Fix ECC signing if key not given by keygrip.
* scd/app-nks.c (keygripstr_from_pk_file): Set r_algo if not in cache.
2022-11-15 14:53:46 +01:00
Werner Koch
1307081dc0
dirmngr: Fix verification of ECDSA signed CRLs.
* dirmngr/crlcache.c (finish_sig_check): Use raw value for the data.
--

This had the usual signed/unsigned problem.  By using the modern form
we enforce Libgcrypt internal parsing as unsigned integer.

(cherry picked from commit 868dabb402)
2022-11-15 10:47:33 +01:00
Werner Koch
afaed3c122
dirmngr: Support ECDSA for OCSP.
* dirmngr/validate.c (pk_algo_from_sexp): Make public.  Support ECC.
* dirmngr/ocsp.c (check_signature): Remove hash preparation out to ...
(check_signature_core): here.  This changes the arg s_hash to md.
Support ECDSA.
--

The test was done with my qualified signature certificate from the
Telesec and their responder http://tqrca1.ocsp.telesec.de/ocspr .
See also libksba commit rK24992a4a7a61d93759e1dbd104b845903d4589bf

(cherry picked from commit 890e9849b5)
2022-11-15 10:47:32 +01:00
Werner Koch
502d43ac30
dirmngr: Support ECDSA for CRLs
* dirmngr/crlcache.c (finish_sig_check): Support ECDSA.
* dirmngr/validate.c (check_cert_sig): Ditto.  Remove the never
used support for DSA.

(cherry picked from commit de87c8e1ea)
2022-11-15 10:47:31 +01:00
Werner Koch
7c3aeb2a57
gpgsm: Support signing using ECDSA.
* sm/gpgsm.h (struct certlist_s): Add helper field pk_algo.
* sm/sign.c (gpgsm_sign): Store the public key algo.  Take the hash
algo from the curve.  Improve diagnostic output in verbose mode.
--

GnuPG-bug-id: 4098, 6253
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: f44d395bdf
2022-11-15 10:47:25 +01:00
Werner Koch
4aed853f2b
gpgsm: Support verification of nistp521 signatures.
* sm/certcheck.c (do_encode_md): Take care of nistp521.
--

This curve is a bit odd in that it does not match a common hash digest
length.  We fix that here for just this case instead of writing more
general code to support all allowed cases (i.e. hash shorter than Q).

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 596212e71a
2022-11-15 10:46:03 +01:00
Werner Koch
88335b2d5b
gpgsm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.
* common/sexputil.c (pubkey_algo_to_string): New.
* sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC.
* sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms.
* sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA.
* sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA.  Use new pubkey
algo name function

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 34b628db46)
2022-11-14 18:16:49 +01:00
Werner Koch
266a6602f0
gpgsm: Some more ECC support backported.
* sm/certcheck.c (gpgsm_check_cert_sig): Map ECDSA OIDs.
* sm/misc.c (transform_sigval): Add ECC support.
--

GnuPG-bug-id: 6253
2022-11-14 17:23:06 +01:00
Werner Koch
3f845c8de7
agent: Allow trustlist on Windows in Unicode homedirs.
* agent/trustlist.c (agent_marktrusted): Use gnupg_access.
2022-11-14 07:16:34 +01:00
Werner Koch
a9044b4a23
gpg: Fix trusted introducer for user-ids with only the mbox.
* g10/trustdb.c (check_regexp): Kludge to match user-ids with only an
mbox.
--
(Also re-indented the function)
GnuPG-bug-id: 6238
2022-11-09 15:56:18 +01:00
Werner Koch
bd825ead36
gpg: Import stray revocation certificates.
* g10/kbnode.c (new_kbnode2): New.
* g10/import.c (delete_inv_parts): New arg r_otherrevsigs to store
misplaced revocations.
(import_revoke_cert): Allow to pass an entire list.
(import_one): Import revocations found by delete_inv_parts.
--

It might be useful to distribute revocations of old keys along with
new keys.  This is in particicualrr useful for WKD stored keys.  This
patch allows to put unrelated standalone revocations into a key.  For
example they can simply appended to a keyblock.  Right now it is a bit
inaesthetic to see diagnostics about misplaced or bad revocation
signatures.

Backported-from-master: 7aaedfb107
2022-11-09 15:54:51 +01:00
Werner Koch
b8e197318a
tests: Add tests to check that OCB is only used for capable keys.
* tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc: New.
* tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc: Add AEAD
preference.
* tests/openpgp/defs.scm (tr:gpgstatus): New.
(create-legacy-gpghome): Also import .key private keys.
* tests/openpgp/encrypt.scm: Add OCB tests.
2022-11-04 11:22:07 +01:00
Werner Koch
a69149b1ae
gpg: Make --list-packets work w/o --no-armor for plain OCB packets.
* g10/armor.c (is_armored): Add PKT_ENCRYPTED_AEAD.
--

With this fix it is now possible to feed a vanilla packet of type 20
without first forcing gpg to assume binary mode.
2022-11-04 11:21:58 +01:00
Werner Koch
0a355b2fe7
gpg: Add compatibility flag "vsd-allow-ocb"
* common/compliance.h (enum gnupg_co_extra_infos): New.
* common/compliance.c (vsd_allow_ocb): New.
(gnupg_cipher_is_compliant): Allow OCB if flag is set.
(gnupg_cipher_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): Change to take two args.  Adjust
callers.
* g10/gpg.c (compatibility_flags): Add "vsd-allow-ocb".
(main): And set it.
* g10/options.h (COMPAT_VSD_ALLOW_OCB): NEw.
--

This is a temporary flag until the new mode has been evaluated and can
always be enabled.

GnuPG-bug-id: 6263
2022-10-31 17:23:41 +01:00
Werner Koch
4a9f3f94c6
gpg: New option --compatibility-flags
* g10/gpg.c (oCompatibilityFlags): New.
(opts): Add option.
(compatibility_flags): New list.
(main): Set flags and print help.
* g10/options.h (opt): Add field compatibility_flags.
--

No flags are yet defined but it is good to have the framework.
2022-10-31 16:20:22 +01:00
Werner Koch
a545e14e8a
gpg: Support OCB encryption.
* g10/build-packet.c (do_encrypted_aead): New.
(do_symkey_enc): Handle version 5.
(build_packet): Support the ENCRYPTED_AEAD packet.
* g10/cipher.c (MIN_PARTIAL_SIZE): Remove unused macro.
(AEAD_ENC_BUFFER_SIZE): New macro.
(my_iobuf_write): New.
(write_header): Rename to write_cfb_header.  Adjust caller.
(set_ocb_nonce_and_ad): New.
(write_ocb_header): New.
(write_ocb_auth_tag): New.
(write_ocb_final_chunk): New.
(do_ocb_flush): New.
(do_ocb_free): New.
(cipher_filter_ocb): New.
* g10/filter.h (cipher_filter_context_t): Add fields for AEAD.
* g10/encrypt.c (encrypt_symmetric): For the use of a session key in
OCB mode.
(encrypt_seskey): Revamp to support OCB.
(use_aead): New.
(encrypt_simple): Support OCB.
(write_symkey_enc): Ditto.
(encrypt_crypt): Ditto.
(encrypt_filter): Handle OCB.
* g10/options.h (opt): Add field force_ocb.
* g10/gpg.c (oForceOCB): New.
(opts): New option "--force-ocb".
(main): Set force_ocb option.
* g10/gpgcompose.c (encrypt_seskey): New.
* g10/keygen.c (aead_available): New global var.
(keygen_set_std_prefs): Set AEAD feature by default in GNUPG mode. Add
parings of aead feature flag.
(keygen_get_std_prefs): Set aead flag.
(add_feature_aead): New.
(keygen_upd_std_prefs): Set OCB as preference if AEAD is enabled.
* g10/pkclist.c (select_aead_from_pklist): New.
(warn_missing_aead_from_pklist): New.
(select_mdc_from_pklist): Remove this unused function.
--

This extends the long available OCB and EAX decryption feature.  Due
to the meanwhile expired patent on OCB there is no more reason for
using EAX.  Thus we forcefully use OCB if the AEAD feature flag is set
on a key.

In GNUPG mode new keys are now created with the AEAD feature flag set.
Option --rfc4880 is one way to disable this.

GnuPG-bug-id: 6263
2022-10-31 14:33:10 +01:00
Werner Koch
aa397fdcdb
gpgsm: Also announce AES256-CBC in signatures.
* sm/sign.c (gpgsm_sign): Add new capability.
--

It might be better to have this.  No concrete bug report, though.
2022-10-28 15:21:26 +02:00
Werner Koch
fd0ddf2699
gpgsm: New compatibility flag "allow-ecc-encr".
* sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): New.
* sm/gpgsm.c (compatibility_flags): Add new flag.
* sm/encrypt.c (encrypt_dek): Allw ECC only if flag is set.
--

ECC encryption was not part of the original VS evaluation.  Until this
has been re-evaluated we hide this feature behind this flag.

GnuPG-bug-id: 6253
2022-10-28 15:19:19 +02:00
Werner Koch
28467f3735
sm: Support encryption using ECDH keys.
* sm/decrypt.c (hash_ecc_cms_shared_info): Make global.
* sm/encrypt.c (ecdh_encrypt): New.
(encrypt_dek): Add arg PK_ALGO and support ECDH.
(gpgsm_encrypt): Pass PK_ALGO.
--

Note: This has only been tested with a messages created and decrypted
by GnuPG.

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: d5051e31a8
GnuPG-bug-id: 6253
2022-10-28 13:01:09 +02:00
Werner Koch
d770715e15
gpgsm: Allow ECC encryption keys with just keyAgreement specified.
* sm/certlist.c (cert_usage_p): Allow keyAgreement for ECC.
* sm/fingerprint.c (gpgsm_is_ecc_key): New.
--

For ECC encryption keys keyAgreement is the keyUsage we want.

GnuPG-bug-id: 6253
2022-10-28 12:17:46 +02:00
Werner Koch
1cdb67d41a
gpgsm: Use macro constants for cert_usage_p.
* sm/certlist.c (USE_MODE_): New.  Use them for easier reading.
2022-10-28 12:14:54 +02:00
Werner Koch
7ed523ca13
scd:nks: Support non-ESIGN signing with the Signature Card v2
* scd/app-nks.c (do_sign): Handle ECC for NKS cards
--

Backported-from-master: 959c627892121ce9707bfa36f2510216b4f6f247
GnuPG-bug-id: 6252
2022-10-28 12:13:29 +02:00
Werner Koch
12d3b16729
scd: Use app_get_slot at more places.
--

This is helpful for backporting other changes.
2022-10-28 12:07:11 +02:00
Werner Koch
934bbe67c2
scd: Use APP_LEARN_FLAG_KEYPAIRINFO with more apps.
* scd/app-nks.c (do_learn_status_core): Use new flag.
* scd/app-sc-hsm.c (do_learn_status): Ditto.
--

The flag was already backported to some apps but not to these.
2022-10-28 11:55:31 +02:00
Werner Koch
6fa4143284
doc: Make uploading of 2.2 manuals easier
--
2022-10-28 11:46:29 +02:00
NIIBE Yutaka
54d001cc7c
build: Update gpg-error.m4.
* m4/gpg-error.m4: Update from libgpg-error 1.46.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-10-24 12:11:17 +09:00
Werner Koch
ed62b74a17
gpgsm: Create ECC certificates with AKI and SKI by default.
* sm/certreqgen.c (create_request): Create AKI and SKI by default.
--

GnuPG-bug-id: 4098, 6253
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 44676819f2
2022-10-20 17:34:03 +02:00
Werner Koch
9f1181e1a7
gpgsm: Print the key types as standard key algorithm strings.
* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
(gpgsm_get_key_algo_info2): new.
* sm/keylist.c (list_cert_colon): Put curve into field 17
(list_cert_raw): Print the unified key algotithm string instead of the
algo and size.
(list_cert_std): Ditto.
--

It is important to known whether a 256 bit ECC uses a NIST or a
Brainpool curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 5c29d25e6c
GnuPG-bug-id: 6253
2022-10-20 16:32:11 +02:00
Werner Koch
5ae2632002
gpgsm: Support decryption of ECDH data
* sm/decrypt.c (hash_ecc_cms_shared_info): New.
(ecdh_derive_kek): New global function.
(ecdh_decrypt): New with support for
dhSinglePass-stdDH-sha1kdf-scheme.
(prepare_decryption): Support ECDH.  Add args pk_algo and nbits.
(gpgsm_decrypt): Pass size of curve to prepare_decryption.  Lift some
variables from an inner code block.
--

This has been compiled from these commits in master:
Backported-from-master: 95d83cf906
(sm: Support decryption of ECDH data)
Backported-from-master: ee6d29f179
(sm: Support decryption of ECDH data using a smartcard.)
Backported-from-master: 68b857df13
(sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.)

GnuPG-bug-id: 6253
Signed-off-by: Werner Koch <wk@gnupg.org>
2022-10-20 15:35:47 +02:00
NIIBE Yutaka
37a853d808
gpgsm: Support key generation with ECC.
* sm/certreqgen.c (pKEYCURVE): New.
(read_parameters): Add pKEYCURVE handling.
(proc_parameters): Support ECC key generation.
--

GnuPG-bug-id: 4888, 6253
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 49ea53b755)
2022-10-20 14:47:28 +02:00
NIIBE Yutaka
8b2c55d3c5
gpgsm: Remove restriction of key generation (only RSA).
* sm/certreqgen.c (proc_parameters): Remove checking GCRY_PK_RSA.

--

This is an initial change to support ECC key generation.

GnuPG-bug-id: 4888, 6253
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 238707db8b
2022-10-20 14:45:03 +02:00
Werner Koch
1e69676981
scd:nks: Don't flag the ESIGN keypair EF as encryption capable.
* scd/app-nks.c (filelist): Tweak 0x4531.
--

Actually the certificate has no encryption usage but we should also
tell that via KEYINFO so that this key is never tried to create an
encryption certificate.

(cherry picked from commit 3a2fb1c306)
2022-10-20 12:22:08 +02:00
Werner Koch
f24904ee35
scd:nks: Some code cleanup.
* scd/app-nks.c (find_fid_by_keyref): Factor keyref parsing out to ...
(parse_keyref): new.
(do_readcert): Use new function instead of partly duplicated code.
Make detection of keygrip more robust.
(do_readkey): Make detection of keygrip more robust.
(do_with_keygrip): Use get_nks_tag.
--

Also added a couple of comments.

(cherry picked from commit b92b3206e7)
2022-10-20 12:22:08 +02:00
Werner Koch
5cd25f4ca4
scd:nks: Support the Telesec ESIGN application.
* scd/app-nks.c (find_fid_by_keyref): Disable the cache for now.
(readcert_from_ef): Considere an all zero certificate as not found.
(do_sign): Support ECC and the ESIGN application.
--

This allows me to create qualified signatures using my Telesec card.
There is of course more work to do but this is the first step.

Note: The design of the FID cache needs to be reconsidered.  Until
that the lookup here has been disabled.  The do_sign code should be
revamped to be similar to what we do in app-p15.

GnuPG-bug-id: 5219, 4938, 6252
Backported-from-master: 07eaf006c2
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
b199582789
scd:nks: Return USAGE information for KEYINFO command.
* scd/app-nks.c (set_usage_string): New.
(do_learn_status_core, do_readkey): Use set_usage_string.
(do_with_keygrip): Add USAGE to call send_keyinfo,
using set_usage_string.
* scd/command.c (send_keyinfo): Add arg usage.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 5264d3f58e
GnuPG-bug-id: 6252

This backports only the NKS parts of the original patch

Signed-off-by: Werner Koch <wk@gnupg.org>
2022-10-20 12:22:08 +02:00
Werner Koch
77b008d1e7
scd:nks: Handle APP_READKEY_FLAG_INFO.
* scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error.
(get_nks_tag): New.
(do_learn_status_core): Use it.  Make sure not to mange the
KEYPAIRINFO line if no usage is known.
(do_readkey): Output the KEYPAIRINFO for the keygrip case.
--

Note that this only handles the most common case of providing a
keygrip.  $AUTHKEYID and ODLM are not yet supported.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 63320ba2f8)
2022-10-20 12:22:08 +02:00
Ingo Klöcker
8bccd95b38
scd:nks: Add support for signing plain SHA-2 digests.
* scd/app-nks.c (do_sign): Handle plain SHA-2 digests and verify
encoding of ASN.1 encoded hashes.
--

This makes it possible to create CSRs for NetKey card keys which are
signed with SHA256 by default.

GnuPG-bug-id: 5184
(cherry picked from commit 8fe976d5b9)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
3c1acb7b9f
scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.
* scd/app-nks.c (do_readkey): Allow KEYGRIP access.
Support NKS-IDLM.XXXX keyref.

--

GnuPG-bug-id: 5150
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 3b39263088)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
0979ae3491
scd:nks: Factor out pubkey retrieval from keygrip handling.
* scd/app-nks.c (pubkey_from_pk_file): New.
(keygripstr_from_pk_file): Use pubkey_from_pk_file.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit b7c087375d)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
1f2823e0be
scd:nks: Add support of KEYGRIP for do_readcert.
* scd/app-nks.c (do_readcert): Support KEYGRIP.

--

GnuPG-bug-id: 5150
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 4020cd9d65)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
ea7234d2f5
scd:nks: Factor out iteration over filelist.
* scd/app-nks.c (iterate_over_filelist): New.
(do_with_keygrip): Use iterate_over_filelist.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 6c43658476)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
c9eb4c0632
scd:nks: Fix caching keygrip (more).
* scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID.

--

GnuPG-bug-id: 5150, 5161
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 87d2c579cc
Fixes-commit: 00f594e3ecb26b010e87d5491b648369e7a92408
2022-10-20 12:22:08 +02:00
Werner Koch
cf5f6896f8
scd:nks: Minor additions to the basic IDLM application support.
* scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys.
(keygripstr_from_pk_file): Handle special value.
(do_readcert): Ditto.
(do_writecert): Ditto.
--

This allows to get information about the keys from the card.  However
the do_readkey still requires a fallback to readcert.  This does not
work because there are no certificates yet on the card.  The fix is to
fully implement do_readkey.

(cherry picked from commit 806547d9d2)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
f1bd7369a7
scd,nks: Fix caching keygrip.
* scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if
available.
--

GnuPG-bug-id: 5150, 6252
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 9201543708:
2022-10-20 12:22:08 +02:00
Werner Koch
c1c3331cf9
scd:nks: Emit the algo string with KEYPAIRINFO
* scd/app-nks.c (do_learn_status_core): Emit the algo string as part
of a KEYPAIRINFO.
(struct fid_cache_s): Add field algostr.
(flush_fid_cache): Release it.
(keygripstr_from_pk_file): Fill it and add it to the cache.  Use a
single exit label.  Set algostr.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 26da47ae53
Backported-from-master: 006944b856
GnuPG-bug-id: 6252, 5144

This has been backported to keep this, and only this, module in sync
with master. All other changes from the original patch have been
stripped.
2022-10-20 12:22:08 +02:00
Werner Koch
fe698586b5
scd:nks: Implement writecert for the Signature card v2.
* scd/iso7816.c (CMD_UPDATE_BINARY): New.
(iso7816_update_binary): New.
* scd/app-nks.c (do_deinit): Factor some code out to...
(flush_fid_cache): new.
(do_writecert): New.
(app_select_nks): Register new handler.
--

This has been backported only to make the following backpoorts easier.
The code is only used in 2.3; for details see the original commit
message.

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: c1663c690b
GnuPG-bug-id: 6252
2022-10-20 12:22:07 +02:00
Werner Koch
c99870f790
scd:nks: Fix certificate read problem with TCOS signature card v2.
* scd/app-nks.c (filelist): Add a dedicated key entry for ESIGN.
(do_readcert): Test for the app_id.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 07aef873eb
GnuPG-bug-id: 6252
2022-10-20 12:22:07 +02:00
Werner Koch
a974d8aefa
scd:nks: Fix remaining tries warning in --reset mode.
* scd/app-nks.c (do_change_pin): Change computation of 'remaining'.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 2429e85598
GnuPG-bug-id: 6252
2022-10-20 12:22:07 +02:00
Werner Koch
60ba61e78e
scd:nks: Add framework to support IDKey cards.
* scd/app-nks.c (NKS_APP_IDLM): New.
(struct app_local_s): Replace NKS_VERSION by the global APPVERSION.
(do_learn_status): Always send CHV-STATUS.
(find_fid_by_keyref): Basic support for IDLM only use.
(do_learn_status_core): Ditto.
(do_readcert): Ditto.
(verify_pin): Ditto.
(parse_pwidstr): Ditto.
(do_with_keygrip): Ditto.
(switch_application): Ditto.
(app_select_nks): Fallback to IDLM.
--

Backported-from-master: 1f6a39092f
GnuPG-bug-id: 6252

Also not directly required for the Signature Card 2.0, it is easier to
port this patch as well.
2022-10-20 12:22:07 +02:00