author | Werner Koch <wk@gnupg.org> | 2024-01-22 16:52:22 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2024-01-22 16:52:22 +0100 |
commit | ead2982286f8ae94e96c0da09c6ed8c294711a47 (patch) | |
tree | 1180aaf93abda4eb22782e3862c9b7b8167a846d /g10/keygen.c | |
parent | agent: Add "ephemeral" Assuan option. (diff) | |
gpg: Use ephemeral mode for generating card keys.
* g10/call-agent.c (agent_set_ephemeral_mode): New.
* g10/keyedit.c (keyedit_menu) <bkuptocard>: Switch to ephemeral mode.
* g10/keygen.c (do_generate_keypair): Switch to ephemeral mode for
card keys with backup.
--
GnuPG-bug-id: 6944
Diffstat (limited to '')
-rw-r--r-- | g10/keygen.c | 48 |
1 files changed, 39 insertions, 9 deletions
diff --git a/g10/keygen.c b/g10/keygen.c
index 886c3b007..b263a47de 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -5754,7 +5754,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, if (!err && get_parameter (para, pSUBKEYTYPE)) { - const char *cardbackupkey = NULL; int subkey_algo = get_parameter_algo (ctrl, para, pSUBKEYTYPE, NULL); key_from_hexgrip = get_parameter_value (para, pSUBKEYGRIP); 
@@ -5769,22 +5768,57 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, pub_root, subkeytimestamp, get_parameter_u32 (para, pSUBKEYEXPIRE), 1, &keygen_flags); - else if (!card - || (cardbackupkey = get_parameter_value (para, pCARDBACKUPKEY))) + else if (get_parameter_value (para, pCARDBACKUPKEY)) { + int lastmode; unsigned int mykeygenflags = KEYGEN_FLAG_NO_PROTECTION; + err = agent_set_ephemeral_mode (ctrl, 1, &lastmode); + if (err) + log_error ("error switching to ephemeral mode: %s\n", + gpg_strerror (err)); + else + { + err = do_create (subkey_algo, + get_parameter_uint (para, pSUBKEYLENGTH), + get_parameter_value (para, pSUBKEYCURVE), + pub_root, + subkeytimestamp, + get_parameter_u32 (para, pSUBKEYEXPIRE), 1, + &mykeygenflags, + get_parameter_passphrase (para), + &cache_nonce, NULL, + NULL, NULL); + /* Get the pointer to the generated public subkey packet. */ + if (!err) + { + kbnode_t node; + + for (node = pub_root; node; node = node->next) + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + sub_psk = node->pkt->pkt.public_key; + log_assert (sub_psk); + err = card_store_key_with_backup (ctrl, + sub_psk, gnupg_homedir ()); + } + + /* Reset the ephemeral mode as needed. */ + if (!lastmode && agent_set_ephemeral_mode (ctrl, 0, NULL)) + log_error ("error clearing the ephemeral mode\n"); + } + } + else if (!card) + { err = do_create (subkey_algo, get_parameter_uint (para, pSUBKEYLENGTH), get_parameter_value (para, pSUBKEYCURVE), pub_root, subkeytimestamp, get_parameter_u32 (para, pSUBKEYEXPIRE), 1, - cardbackupkey? &mykeygenflags : &keygen_flags, + &keygen_flags, get_parameter_passphrase (para), &cache_nonce, NULL, NULL, NULL); - /* Get the pointer to the generated public subkey packet. */ if (!err) { kbnode_t node; 
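Review bot: The new first branch, `else if (get_parameter_value (para, pCARDBACKUPKEY))`, no longer depends on `card`, whereas the removed condition `!card || (cardbackupkey = ...)` short-circuited on `!card` and so took the backup path only for card generation. If pCARDBACKUPKEY can ever be set without `card` (the code that fills `para` is outside this hunk), a subkey is now created with `KEYGEN_FLAG_NO_PROTECTION` and passed to `card_store_key_with_backup` where the old code created a protected on-disk key; `else if (card && get_parameter_value (para, pCARDBACKUPKEY))` would keep the old gating. Separately, the reset at the end of the branch only logs `"error clearing the ephemeral mode\n"`: the error code is dropped and `err` is left untouched, so the function can report success while the agent connection presumably stays in ephemeral mode for later operations. I would capture the return value, print it with `gpg_strerror` as the switch-on path does, and assign it to `err` when `err` is still zero. do_generate_keypair starts and ends outside this hunk, so how `err` is consumed afterwards is not visible here.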
@@ -5793,10 +5827,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) sub_psk = node->pkt->pkt.public_key; log_assert (sub_psk); - - if (cardbackupkey) - err = card_store_key_with_backup (ctrl, - sub_psk, gnupg_homedir ()); } } else |