mirror of git://git.gnupg.org/gnupg.git synced 2024-06-14 00:19:50 +02:00
gnupg/g10
Werner Koch c03ba92576
gpg: Fix writing ECDH keys to OpenPGP smartcards.
* agent/command.c (cmd_keytocard): Add new arg for ECDH params.
* scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to
compute the fingerprint.
* g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str.
* g10/keyid.c (ecdh_param_str_from_pk): New.
* g10/card-util.c (card_store_subkey): Pass ECDH params to writekey.
* g10/keygen.c (card_store_key_with_backup): Ditto.

* scd/app-openpgp.c (store_fpr): Add arg update.
(rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid
writing the fingerprint back to the card if not set.
(read_public_key): Also add arg meta_update.
(get_public_key): Do not pass it as true here...
(do_genkey): ... but here.
(rsa_write_key, ecc_writekey): Force string the fingerprint.
--

The problem showed up because in 2.4 we changed the standard ECDH
parameter some years ago.  Now when trying to write an ECDH key
created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong
fingerprint and thus gpg was not able to find the key again by
fingerprint.

The patch also avoids updating the stored fingerprint in certain
situations.

This fix is somewhat related to
GnuPG-bug-id: 6378
2023-04-21 15:23:29 +02:00
all-tests.scm tests: Support semihosted environment. 2022-12-01 13:59:06 +09:00
armor.c gpg: Fix verification of cleartext signatures with overlong lines. 2022-11-10 14:55:38 +01:00
build-packet.c gpg: Allow adding of Additional Decryption Subkeys. 2023-03-01 17:22:20 +01:00
call-agent.c gpg: Fix writing ECDH keys to OpenPGP smartcards. 2023-04-21 15:23:29 +02:00
call-agent.h gpg: Fix writing ECDH keys to OpenPGP smartcards. 2023-04-21 15:23:29 +02:00
call-dirmngr.c gpg: Show just keyserver and port with --send-keys. 2022-09-30 16:40:31 +02:00
call-dirmngr.h gpg: Lookup a missing public key of the current card via LDAP. 2021-04-16 20:21:23 +02:00
call-keyboxd.c doc: Typo fixes 2022-12-16 11:01:23 +01:00
card-util.c gpg: Fix writing ECDH keys to OpenPGP smartcards. 2023-04-21 15:23:29 +02:00
ChangeLog-2011 Spelling: correct spelling of "passphrase". 2016-11-02 12:53:58 +01:00
cipher-aead.c gpg: Replace use of PRIu64 in log_debug 2022-12-16 15:34:37 +01:00
cipher-cfb.c gpg: Remove MDC options 2018-05-29 12:42:52 +02:00
compress-bz2.c gpg: fix --enarmor with zero length source file 2022-03-08 20:03:08 +02:00
compress.c gpg,tools: Remove use of repo only zlib-riscos.h. 2022-03-29 12:07:18 +09:00
cpr.c gpg,common,scd,sm: Function prototype fixes for modern compiler. 2022-09-13 16:34:00 +09:00
dearmor.c g10/dearmor: use iobuf_copy 2022-03-02 21:12:28 +02:00
decrypt-data.c gpg: Replace use of PRIu64 in log_debug 2022-12-16 15:34:37 +01:00
decrypt.c gpg: Fix wrong use of FD2INT with iobuf_fdopen_nc. 2022-10-07 11:16:55 +09:00
dek.h gpg: More check for symmetric key encryption. 2019-07-18 11:02:34 +09:00
delkey.c gpg: Fix the previous commit. 2020-11-11 09:13:13 +09:00
distsigkey.gpg Update release signing keys 2021-11-13 21:03:02 +01:00
ecdh.c gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future. 2022-10-14 14:49:37 +09:00
encrypt.c gpg: Detect already compressed data also when using a pipe. 2023-01-19 10:45:54 +01:00
exec.c gpg: Move w32_system function. 2022-11-09 10:37:58 +09:00
exec.h gpg: Move w32_system function. 2022-11-09 10:37:58 +09:00
expand-group.c gpg: Fix expand GPG groups when resolving a key 2019-09-30 14:08:13 +02:00
export.c gpg: Do not continue the export after a cancel for the primary key. 2022-12-16 15:34:41 +01:00
filter.h gpg: Allow --dearmor to decode all kinds of armor files. 2022-01-28 12:09:34 +01:00
free-packet.c gpg: Allow adding of Additional Decryption Subkeys. 2023-03-01 17:22:20 +01:00
getkey.c gpg: Actually encrypt to ADSKs. 2023-03-01 19:16:12 +01:00
gpg-w32info.rc w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpg.c gpg: New option --assert-signer. 2023-04-05 21:32:23 +02:00
gpg.h gpg: Improve speed of secret key listing. 2021-05-19 02:42:35 +02:00
gpg.w32-manifest.in w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpgsql.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
gpgsql.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
gpgv.c gpg: New option --assert-signer. 2023-04-05 21:32:23 +02:00
helptext.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
import.c gpg: Allow overridden key import when stub exists. 2023-04-18 09:53:24 +09:00
kbnode.c gpg: Import stray revocation certificates. 2022-10-28 09:30:49 +02:00
key-check.c agent,dirmngr,gpg,scd: Clean up for modern compiler. 2022-09-14 12:08:58 +09:00
key-check.h gpg: Avoid output to the tty during import. 2017-07-27 11:38:57 +02:00
key-clean.c gpg: For readability use macro instead of integers in key-clean. 2023-01-30 15:59:15 +01:00
key-clean.h headers: fix spelling 2018-10-25 16:53:05 -04:00
keydb-private.h gpg: Set the found-by flags in the keyblock in keyboxd mode. 2020-09-22 16:20:41 +02:00
keydb.c Use the keyboxd for a fresh install 2023-04-04 16:39:59 +02:00
keydb.h gpg: Fix writing ECDH keys to OpenPGP smartcards. 2023-04-21 15:23:29 +02:00
keyedit.c gpg: New command --quick-add-adsk 2023-03-21 16:30:18 +01:00
keyedit.h gpg: New command --quick-add-adsk 2023-03-21 16:30:18 +01:00
keygen.c gpg: Fix writing ECDH keys to OpenPGP smartcards. 2023-04-21 15:23:29 +02:00
keyid.c gpg: Fix writing ECDH keys to OpenPGP smartcards. 2023-04-21 15:23:29 +02:00
keylist.c gpg: New list-option --show-unusable-sigs. 2023-02-07 14:50:03 +01:00
keyring.c gpg: Support KEYGRIP search with traditional keyring. 2021-06-03 13:32:25 +09:00
keyring.h gpg: Pass CTRL to many more functions. 2017-03-31 20:07:20 +02:00
keyserver-internal.h gpg,sm: Simplify keyserver spec parsing. 2021-06-16 12:03:13 +02:00
keyserver.c gpg,build: Fix message for newer gettext. 2022-07-05 13:27:41 +09:00
main.h gpg: New option --assert-signer. 2023-04-05 21:32:23 +02:00
mainproc.c gpg: New option --assert-signer. 2023-04-05 21:32:23 +02:00
Makefile.am build: Remove Windows CE support. 2022-12-09 14:06:08 +09:00
mdfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
migrate.c Replace most of the remaining stdio calls by estream calls. 2020-10-20 12:15:56 +02:00
misc.c gpg: Allow adding of Additional Decryption Subkeys. 2023-03-01 17:22:20 +01:00
objcache.c Spelling cleanup. 2020-02-18 18:07:46 -05:00
objcache.h gpg: Fix getting User ID. 2019-07-11 12:32:44 +09:00
openfile.c gpg: Partial fix for Unicode problem in output files. 2021-05-25 13:39:59 +02:00
options.h gpg: New option --assert-signer. 2023-04-05 21:32:23 +02:00
packet.h gpg: Allow adding of Additional Decryption Subkeys. 2023-03-01 17:22:20 +01:00
parse-packet.c gpg: New export option "mode1003". 2022-12-02 10:09:58 +01:00
passphrase.c gpg,common,scd,sm: Function prototype fixes for modern compiler. 2022-09-13 16:34:00 +09:00
photoid.c gpg: Move w32_system function. 2022-11-09 10:37:58 +09:00
photoid.h gpg: A little clean up. 2019-07-23 12:04:21 +09:00
pkclist.c gpg: Actually encrypt to ADSKs. 2023-03-01 19:16:12 +01:00
pkglue.c gpg: Emit compatible Ed25519 signature. 2021-12-10 15:43:28 +09:00
pkglue.h gpg: Emit compatible Ed25519 signature. 2021-12-10 15:43:28 +09:00
plaintext.c g10/plaintext: disable estream buffering in binary mode 2022-03-08 20:00:31 +02:00
progress.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pubkey-enc.c gpg: Support ECDH with v5 key. 2021-03-24 14:51:42 +09:00
pubring.asc Update copyright notices for 2017. 2017-01-23 19:16:55 +01:00
revoke.c g10: Fix memory leaks 2021-05-20 13:38:39 +02:00
rmd160.c Clean up word replication. 2017-02-21 13:11:46 -05:00
rmd160.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
seckey-cert.c More change for common. 2017-03-07 20:32:09 +09:00
server.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
seskey.c gpg,ecc: Handle external representation as SOS with opaque MPI. 2020-06-09 10:32:47 +09:00
sig-check.c gpg: Allow adding of Additional Decryption Subkeys. 2023-03-01 17:22:20 +01:00
sign.c gpg: Allow adding of Additional Decryption Subkeys. 2023-03-01 17:22:20 +01:00
skclist.c gpg: Allow decryption w/o public key but with correct card inserted. 2021-04-23 08:50:39 +02:00
t-keydb-get-keyblock.c gpg: New option --assert-signer. 2023-04-05 21:32:23 +02:00
t-keydb-get-keyblock.gpg gpg: Correctly handle keyblocks followed by legacy keys. 2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx g10: Add test for keydb as well as new testing infrastructure. 2015-09-02 15:08:57 +02:00
t-keydb.c gpg: New option --assert-signer. 2023-04-05 21:32:23 +02:00
t-rmd160.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-stutter-data.asc gpg: Add a new test. 2016-03-08 14:08:49 +01:00
t-stutter.c gpg: New option --assert-signer. 2023-04-05 21:32:23 +02:00
tdbdump.c gpg: Remove stale ultimately trusted keys from the trustdb. 2021-11-13 20:34:06 +01:00
tdbio.c gpg,common,scd,sm: Function prototype fixes for modern compiler. 2022-09-13 16:34:00 +09:00
tdbio.h gpg: Remove stale ultimately trusted keys from the trustdb. 2021-11-13 20:34:06 +01:00
test-stubs.c gpg: New option --list-filter 2022-11-25 16:04:54 +01:00
test.c build: Always use EXTERN_UNLESS_MAIN_MODULE pattern. 2020-02-10 16:50:47 +01:00
textfilter.c gpg: Initialize a parameter to silence valgrind. 2020-09-04 11:32:47 +02:00
tofu.c g10: Fix memory leaks 2021-05-20 13:38:39 +02:00
tofu.h g10: Remove dead code. 2016-12-06 12:16:56 +01:00
trust.c gpg: New option --add-desig-revoker 2023-02-16 18:10:03 +01:00
trustdb.c gpg: Fix trusted introducer for user-ids with only the mbox. 2022-10-28 11:20:04 +02:00
trustdb.h gpg: Fix adding the list of ultimate trusted keys. 2022-01-12 13:34:31 +09:00
verify.c gpg: New option --assert-signer. 2023-04-05 21:32:23 +02:00
zlib-riscos.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00