diff options
Diffstat (limited to '')
| -rw-r--r-- | g10/ChangeLog | 13 | ||||
| -rw-r--r-- | g10/call-agent.c | 6 | ||||
| -rw-r--r-- | g10/card-util.c | 163 | ||||
| -rw-r--r-- | g10/gpg.c | 1 |
4 files changed, 164 insertions, 19 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 6e672871d..781ec57ab 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,16 @@ +2009-08-05 Werner Koch <[email protected]> + + * gpg.c: Add --key-edit alias. + + * call-agent.c (scd_genkey_cb): Forward progress status lines. + + * card-util.c (generate_card_keys): Remove special case for + GnuPG-2. Ask for the keysize and change it. + (card_generate_subkey): Ask for the keysize and change it. + (get_info_for_key_operation): Read KEY-ATTR. + (show_keysize_warning, ask_card_keysize): New. + (do_change_keysize): New. + 2009-07-31 David Shaw <[email protected]> * gpg.c (main): --pgp6 includes --disable-mdc. diff --git a/g10/call-agent.c b/g10/call-agent.c index 1b7578175..8a0b21a7a 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -667,7 +667,7 @@ scd_genkey_cb (void *opaque, const char *line) { parm->fprvalid = unhexify_fpr (line, parm->fpr); } - if (keywordlen == 8 && !memcmp (keyword, "KEY-DATA", keywordlen)) + else if (keywordlen == 8 && !memcmp (keyword, "KEY-DATA", keywordlen)) { gcry_mpi_t a; const char *name = line; @@ -694,6 +694,10 @@ scd_genkey_cb (void *opaque, const char *line) { parm->created_at = (u32)strtoul (line, NULL, 10); } + else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen)) + { + write_status_text (STATUS_PROGRESS, line); + } return 0; } diff --git a/g10/card-util.c b/g10/card-util.c index d03de0b46..5ba42b871 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -1158,6 +1158,8 @@ get_info_for_key_operation (struct agent_card_info_s *info) rc = agent_scd_getattr ("DISP-NAME", info); if (!rc) rc = agent_scd_getattr ("EXTCAP", info); + if (!rc) + rc = agent_scd_getattr ("KEY-ATTR", info); if (rc) log_error (_("error getting current key info: %s\n"), gpg_strerror (rc)); return rc; @@ -1254,33 +1256,113 @@ replace_existing_key_p (struct agent_card_info_s *info, int keyno) static void +show_keysize_warning (void) +{ + static int shown; + + if (shown) + return; + shown = 1; + tty_printf + (_("NOTE: There is no guarantee that the card " + "supports the requested size.\n" + " If the key generation does not succeed, " + "please check the\n" + " documentation of your card to see what " + "sizes are allowed.\n")); +} + + +/* Ask for the size of a card key. NBITS is the current size + configured for the card. KEYNO is the number of the key used to + select the prompt. Returns 0 to use the default size (i.e. NBITS) + or the selected size. */ +static unsigned int +ask_card_keysize (int keyno, unsigned int nbits) +{ + unsigned int min_nbits = 1024; + unsigned int max_nbits = 3072; /* GnuPG limit due to Assuan. */ + char *prompt, *answer; + unsigned int req_nbits; + + for (;;) + { + prompt = xasprintf + (keyno == 0? + _("What keysize do you want for the Signature key? (%u) "): + keyno == 1? + _("What keysize do you want for the Encryption key? (%u) "): + _("What keysize do you want for the Authentication key? (%u) "), + nbits); + answer = cpr_get ("cardedit.genkeys.size", prompt); + cpr_kill_prompt (); + req_nbits = *answer? atoi (answer): nbits; + xfree (prompt); + xfree (answer); + + if (req_nbits != nbits && (req_nbits % 32) ) + { + req_nbits = ((req_nbits + 31) / 32) * 32; + tty_printf (_("rounded up to %u bits\n"), req_nbits); + } + + if (req_nbits == nbits) + return 0; /* Use default. */ + + if (req_nbits < min_nbits || req_nbits > max_nbits) + { + tty_printf (_("%s keysizes must be in the range %u-%u\n"), + "RSA", min_nbits, max_nbits); + } + else + { + tty_printf (_("The card will now be re-configured " + "to generate a key of %u bits\n"), req_nbits); + show_keysize_warning (); + return req_nbits; + } + } +} + + +/* Change the size of key KEYNO (0..2) to NBITS and show an error + message if that fails. */ +static gpg_error_t +do_change_keysize (int keyno, unsigned int nbits) +{ + gpg_error_t err; + char args[100]; + + snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits); + err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL); + if (err) + log_error (_("error changing size of key %d to %u bits: %s\n"), + keyno+1, nbits, gpg_strerror (err)); + return err; +} + + +static void generate_card_keys (void) { struct agent_card_info_s info; int forced_chv1; int want_backup; + int keyno; if (get_info_for_key_operation (&info)) return; if (info.extcap.ki) { -#if GNUPG_MAJOR_VERSION == 1 char *answer; - answer = cpr_get ("cardedit.genkeys.backup_enc", _("Make off-card backup of encryption key? (Y/n) ")); - want_backup=answer_is_yes_no_default(answer,1); - cpr_kill_prompt(); - xfree(answer); -#else - want_backup = cpr_get_answer_is_yes - ( "cardedit.genkeys.backup_enc", - _("Make off-card backup of encryption key? (Y/n) ")); - /*FIXME: we need answer_is_yes_no_default()*/ -#endif + want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/); + cpr_kill_prompt (); + xfree (answer); } else want_backup = 0; @@ -1290,16 +1372,19 @@ generate_card_keys (void) || (info.fpr3valid && !fpr_is_zero (info.fpr3))) { tty_printf ("\n"); - log_info ("NOTE: keys are already stored on the card!\n"); + log_info (_("NOTE: keys are already stored on the card!\n")); tty_printf ("\n"); - if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_keys", - _("Replace existing keys? (y/N) "))) + if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys", + _("Replace existing keys? (y/N) "))) { agent_release_card_info (&info); return; } } - else if (!info.disp_name || !*info.disp_name) + + /* If no displayed name has been set, we assume that this is a fresh + card and print a hint about the default PINs. */ + if (!info.disp_name || !*info.disp_name) { tty_printf ("\n"); tty_printf (_("Please note that the factory settings of the PINs are\n" @@ -1311,9 +1396,31 @@ generate_card_keys (void) if (check_pin_for_key_operation (&info, &forced_chv1)) goto leave; - - generate_keypair (NULL, info.serialno, - want_backup? opt.homedir:NULL); + + /* If the cards features changeable key attributes, we ask for the + key size. */ + if (info.is_v2 && info.extcap.aac) + { + unsigned int nbits; + + for (keyno = 0; keyno < DIM (info.key_attr); keyno++) + { + nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits); + if (nbits && do_change_keysize (keyno, nbits)) + { + /* Error: Better read the default key size again. */ + agent_release_card_info (&info); + if (get_info_for_key_operation (&info)) + goto leave; + /* Ask again for this key size. */ + keyno--; + } + } + /* Note that INFO has not be synced. However we will only use + the serialnumber and thus it won't harm. */ + } + + generate_keypair (NULL, info.serialno, want_backup? opt.homedir:NULL); leave: agent_release_card_info (&info); @@ -1365,6 +1472,26 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock) if (check_pin_for_key_operation (&info, &forced_chv1)) goto leave; + /* If the cards features changeable key attributes, we ask for the + key size. */ + if (info.is_v2 && info.extcap.aac) + { + unsigned int nbits; + + ask_again: + nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits); + if (nbits && do_change_keysize (keyno-1, nbits)) + { + /* Error: Better read the default key size again. */ + agent_release_card_info (&info); + if (get_info_for_key_operation (&info)) + goto leave; + goto ask_again; + } + /* Note that INFO has not be synced. However we will only use + the serialnumber and thus it won't harm. */ + } + okay = generate_card_subkeypair (pub_keyblock, sec_keyblock, keyno, info.serialno); @@ -394,6 +394,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aSignKey, "sign-key" ,N_("sign a key")), ARGPARSE_c (aLSignKey, "lsign-key" ,N_("sign a key locally")), ARGPARSE_c (aEditKey, "edit-key" ,N_("sign or edit a key")), + ARGPARSE_c (aEditKey, "key-edit" ,"@"), ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")), ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ), ARGPARSE_c (aExport, "export" , N_("export keys") ), |