-rw-r--r-- | agent/agent.h | 2 | ||||
-rw-r--r-- | agent/command.c | 38 | ||||
-rw-r--r-- | agent/findkey.c | 13 | ||||
-rw-r--r-- | agent/pkdecrypt.c | 2 | ||||
-rw-r--r-- | agent/pksign.c | 2 |
5 files changed, 36 insertions, 21 deletions
diff --git a/agent/agent.h b/agent/agent.h
index 6004f2d42..4ee8e40c5 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -461,7 +461,7 @@ gpg_error_t agent_key_from_file (ctrl_t ctrl,
 cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, gcry_sexp_t *result,
- char **r_passphrase);
+ char **r_passphrase, time_t *r_timestamp);
 gpg_error_t agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip, gcry_sexp_t *result); gpg_error_t agent_public_key_from_file (ctrl_t ctrl,
diff --git a/agent/command.c b/agent/command.c
index 3e074443a..2fb916ee9 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2204,7 +2204,7 @@ cmd_passwd (assuan_context_t ctx, char *line)
 opt_verify? NULL : cache_nonce, ctrl->server_local->keydesc, grip, &shadow_info, CACHE_MODE_IGNORE, NULL,
- &s_skey, &passphrase);
+ &s_skey, &passphrase, NULL);
 if (err) ; else if (shadow_info)
@@ -2812,7 +2812,7 @@ cmd_export_key (assuan_context_t ctx, char *line)
 err = agent_key_from_file (ctrl, cache_nonce, ctrl->server_local->keydesc, grip, &shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey,
- openpgp ? &passphrase : NULL);
+ openpgp ? &passphrase : NULL, NULL);
 if (err) goto leave; if (shadow_info)
@@ -2979,7 +2979,7 @@ cmd_keytocard (assuan_context_t ctx, char *line)
 const char *argv[5]; int argc; unsigned char grip[20];
- const char *serialno, *timestamp_str, *keyref;
+ const char *serialno, *keyref;
 gcry_sexp_t s_skey = NULL; unsigned char *keydata; size_t keydatalen;
@@ -3017,21 +3017,9 @@ cmd_keytocard (assuan_context_t ctx, char *line)
 keyref = argv[2];
- /* FIXME: Default to the creation time as stored in the private
- * key. The parameter is here so that gpg can make sure that the
- * timestamp as used for key creation (and thus the openPGP
- * fingerprint) is used. */
- timestamp_str = argc > 3? argv[3] : "19700101T000000";
-
- if ((timestamp = isotime2epoch (timestamp_str)) == (time_t)(-1))
- {
- err = gpg_error (GPG_ERR_INV_TIME);
- goto leave;
- }
-
 err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, &shadow_info, CACHE_MODE_IGNORE, NULL,
- &s_skey, NULL);
+ &s_skey, NULL, ×tamp);
 if (err) goto leave; if (shadow_info)
@@ -3041,6 +3029,22 @@ cmd_keytocard (assuan_context_t ctx, char *line)
 goto leave; }
+ if (timestamp == (time_t)(-1))
+ {
+ /* Default to the creation time as stored in the private key. The
+ * parameter is here so that gpg can make sure that the timestamp as
+ * used for key creation (and thus the openPGP fingerprint) is
+ * used. */
+
+ const char *timestamp_str= argc > 3? argv[3] : "19700101T000000";
+
+ if ((timestamp = isotime2epoch (timestamp_str)) == (time_t)(-1))
+ {
+ err = gpg_error (GPG_ERR_INV_TIME);
+ goto leave;
+ }
+ }
+
 /* Note: We can't use make_canon_sexp because we need to allocate a * few extra bytes for our hack below. */ keydatalen = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0);
@@ -3277,7 +3281,7 @@ cmd_keytotpm (assuan_context_t ctx, char *line)
 err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, &shadow_info, CACHE_MODE_IGNORE, NULL,
- &s_skey, NULL);
+ &s_skey, NULL, NULL);
 if (err) { xfree (shadow_info);
diff --git a/agent/findkey.c b/agent/findkey.c
index 0ba937aad..45c374d94 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
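Review bot: In the `@@ -3041` hunk of cmd_keytocard the caller's `argv[3]` is parsed only when the key file yields no creation time, so an explicit timestamp that disagrees with the stored `Created:` value, or that is not a valid ISO time at all, is now dropped without an error or a log line. The comment moved into the block says the parameter exists so that gpg can be sure the timestamp behind the OpenPGP fingerprint is used; with the new precedence a mismatch would presumably only show up later as a card key with an unexpected fingerprint. Consider still validating `argv[3]` when it is given and failing, or at least logging, when it differs from the stored value. The comment should also describe what the block now does, for example `/* No creation time in the key file: fall back to the optional timestamp argument, else to the epoch. */`. The declaration of `timestamp` and the rest of the function lie outside the hunk.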
@@ -981,7 +981,8 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
 const char *desc_text, const unsigned char *grip, unsigned char **shadow_info, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl,
- gcry_sexp_t *result, char **r_passphrase)
+ gcry_sexp_t *result, char **r_passphrase,
+ time_t *r_timestamp)
 { gpg_error_t err; unsigned char *buf;
@@ -995,6 +996,8 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
 *shadow_info = NULL; if (r_passphrase) *r_passphrase = NULL;
+ if (r_timestamp)
+ *r_timestamp = (time_t)(-1);
 err = read_key_file (grip, &s_skey, &keymeta); if (err)
@@ -1015,6 +1018,14 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
 return err; }
+ if (r_timestamp && keymeta)
+ {
+ const char *created = nvc_get_string (keymeta, "Created:");
+
+ if (created)
+ *r_timestamp = isotime2epoch (created);
+ }
+
 switch (agent_private_key_type (buf)) { case PRIVATE_KEY_CLEAR:
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index 16a15b9d0..cf6c1491d 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -69,7 +69,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
 } err = agent_key_from_file (ctrl, NULL, desc_text, ctrl->keygrip, &shadow_info,
- CACHE_MODE_NORMAL, NULL, &s_skey, NULL);
+ CACHE_MODE_NORMAL, NULL, &s_skey, NULL, NULL);
 if (gpg_err_code (err) == GPG_ERR_NO_SECKEY) no_shadow_info = 1; else if (err)
diff --git a/agent/pksign.c b/agent/pksign.c
index b877addb0..170dc9644 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -316,7 +316,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
 err = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip, &shadow_info, cache_mode, lookup_ttl,
- &s_skey, NULL);
+ &s_skey, NULL, NULL);
 if (gpg_err_code (err) == GPG_ERR_NO_SECKEY) no_shadow_info = 1; else if (err) |
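Review bot: In the `@@ -1015` hunk of agent_key_from_file the result of `isotime2epoch (created)` is stored unchecked, so a present but malformed `Created:` entry ends up as `(time_t)(-1)` (assuming that is the function's failure value, as the check in cmd_keytocard suggests) and cannot be told apart from a key file that has no such entry. cmd_keytocard reacts to that value by falling back to its argument or to `19700101T000000`, so a damaged metadata field would quietly change the timestamp that goes to the card. Logging a diagnostic when the conversion fails would make this visible to the operator. The function's header comment lies outside the hunk and should gain a sentence for the new parameter, such as `If R_TIMESTAMP is not NULL the creation time from the key file is stored there, or (time_t)(-1) if none is available.`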