diff options
| author | Werner Koch <[email protected]> | 2009-07-20 11:02:20 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2009-07-20 11:02:20 +0000 |
| commit | 7ae15f002712c7d07f9d835b81b0ca8da096e49b (patch) | |
| tree | 610af3a03993676179ec3eb267a3c09a5cad0149 /g10/keygen.c | |
| parent | Fix bug 1090. (diff) | |
| download | gnupg-7ae15f002712c7d07f9d835b81b0ca8da096e49b.tar.gz gnupg-7ae15f002712c7d07f9d835b81b0ca8da096e49b.zip | |
Fix bug 1091.
Doc fixes.
Replace assert by error message.
Diffstat (limited to 'g10/keygen.c')
| -rw-r--r-- | g10/keygen.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/g10/keygen.c b/g10/keygen.c index 17fff28b9..91c990c08 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -3123,7 +3123,7 @@ generate_keypair (const char *fname, const char *card_serialno, nbits = 0; } - nbits = ask_keysize (algo, nbits); + nbits = ask_keysize (both? subkey_algo : algo, nbits); r = xmalloc_clear( sizeof *r + 20 ); r->key = both? pSUBKEYLENGTH : pKEYLENGTH; sprintf( r->u.value, "%u", nbits); @@ -3400,6 +3400,15 @@ do_generate_keypair (struct para_data_s *para, if (!timestamp) timestamp = make_timestamp (); + /* Note that, depending on the backend (i.e. the used scdaemon + version), the card key generation may update TIMESTAMP for each + key. Thus we need to pass TIMESTAMP to all signing function to + make sure that the binding signature is done using the timestamp + of the corresponding (sub)key and not that of the primary key. + An alternative implementation could tell the signing function the + node of the subkey but that is more work than just to pass the + current timestamp. */ + if (!card) { rc = do_create (get_parameter_algo( para, pKEYTYPE ), @@ -3413,8 +3422,6 @@ do_generate_keypair (struct para_data_s *para, } else { - /* Note, that depending on the backend, the card key generation - may update TIMESTAMP. */ rc = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, sec_root, NULL, ×tamp, get_parameter_u32 (para, pKEYEXPIRE), para); @@ -3450,8 +3457,6 @@ do_generate_keypair (struct para_data_s *para, if (!rc && card && get_parameter (para, pAUTHKEYTYPE)) { - /* Note, that depending on the backend, the card key generation - may update TIMESTAMP. */ rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root, NULL, ×tamp, get_parameter_u32 (para, pKEYEXPIRE), para); @@ -3493,8 +3498,6 @@ do_generate_keypair (struct para_data_s *para, } else { - /* Note, that depending on the backend, the card key - generation may update TIMESTAMP. */ rc = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, sec_root, NULL, ×tamp, |