diff options
| author | NIIBE Yutaka <[email protected]> | 2020-03-26 02:30:58 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2022-10-20 12:45:03 +0000 |
| commit | 8b2c55d3c5dab847eff0843a5d6c9e6cd5de8f19 (patch) | |
| tree | 86048461f8b08d4cf97184024bd5bde48d53df1b | |
| parent | scd:nks: Don't flag the ESIGN keypair EF as encryption capable. (diff) | |
| download | gnupg-8b2c55d3c5dab847eff0843a5d6c9e6cd5de8f19.tar.gz gnupg-8b2c55d3c5dab847eff0843a5d6c9e6cd5de8f19.zip | |
gpgsm: Remove restriction of key generation (only RSA).
* sm/certreqgen.c (proc_parameters): Remove checking GCRY_PK_RSA.
--
This is an initial change to support ECC key generation.
GnuPG-bug-id: 4888, 6253
Signed-off-by: NIIBE Yutaka <[email protected]>
Backported-from-master: 238707db8b05a385af5419e606ea5110ace31d2b
| -rw-r--r-- | sm/certreqgen.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/sm/certreqgen.c b/sm/certreqgen.c index 92d6ffe05..bc5244a88 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -433,6 +433,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para, struct para_data_s *r; const char *s, *string; int i; + int algo; unsigned int nbits; char numbuf[20]; unsigned char keyparms[100]; @@ -446,30 +447,27 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para, /* Check that we have all required parameters; */ assert (get_parameter (para, pKEYTYPE, 0)); - /* We can only use RSA for now. There is a problem with pkcs-10 on - how to use ElGamal because it is expected that a PK algorithm can - always be used for signing. Another problem is that on-card - generated encryption keys may not be used for signing. */ - i = get_parameter_algo (para, pKEYTYPE); - if (!i && (s = get_parameter_value (para, pKEYTYPE, 0)) && *s) + /* There is a problem with pkcs-10 on how to use ElGamal because it + is expected that a PK algorithm can always be used for + signing. Another problem is that on-card generated encryption + keys may not be used for signing. */ + algo = get_parameter_algo (para, pKEYTYPE); + if (!algo && (s = get_parameter_value (para, pKEYTYPE, 0)) && *s) { /* Hack to allow creation of certificates directly from a smart card. For example: "Key-Type: card:OPENPGP.3". */ if (!strncmp (s, "card:", 5) && s[5]) cardkeyid = xtrystrdup (s+5); } - if ( (i < 1 || i != GCRY_PK_RSA) && !cardkeyid ) + if (algo < 1 && !cardkeyid) { r = get_parameter (para, pKEYTYPE, 0); - if (r) - log_error (_("line %d: invalid algorithm\n"), r?r->lnr:0); - else - log_error ("No Key-Type specified\n"); + log_error (_("line %d: invalid algorithm\n"), r ? r->lnr: -1); return gpg_error (GPG_ERR_INV_PARAMETER); } /* Check the keylength. NOTE: If you change this make sure that it - macthes the gpgconflist item in gpgsm.c */ + matches the gpgconflist item in gpgsm.c */ if (!get_parameter (para, pKEYLENGTH, 0)) nbits = 3072; else |