From ead2982286f8ae94e96c0da09c6ed8c294711a47 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 22 Jan 2024 16:52:22 +0100
Subject: gpg: Use ephemeral mode for generating card keys.
* g10/call-agent.c (agent_set_ephemeral_mode): New.
* g10/keyedit.c (keyedit_menu) : Switch to ephemeral mode.
* g10/keygen.c (do_generate_keypair): Switch to ephemeral mode for card keys with backup.
--
GnuPG-bug-id: 6944
---
 g10/keyedit.c | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)
(limited to 'g10/keyedit.c')
diff --git a/g10/keyedit.c b/g10/keyedit.c
index a12546f71..cae0f7841 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1905,6 +1905,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 PACKET *pkt;
 IOBUF a;
 struct parse_packet_ctx_s parsectx;
+ int lastmode;
 if (!*arg_string)
 {
@@ -1959,17 +1960,28 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 xfree (fname);
 node = new_kbnode (pkt);
- /* Transfer it to gpg-agent which handles secret keys. */
- err = transfer_secret_keys (ctrl, NULL, node, 1, 1, 0);
-
- /* Treat the pkt as a public key. */
- pkt->pkttype = PKT_PUBLIC_KEY;
-
- /* Ask gpg-agent to store the secret key to card. */
- if (card_store_subkey (node, 0, NULL))
+ err = agent_set_ephemeral_mode (ctrl, 1, &lastmode);
+ if (err)
+ log_error ("error switching to ephemeral mode: %s\n",
+ gpg_strerror (err));
+ else
 {
- redisplay = 1;
- sec_shadowing = 1;
+ /* Transfer it to gpg-agent which handles secret keys. */
+ err = transfer_secret_keys (ctrl, NULL, node, 1, 1, 0);
+ if (!err)
+ {
+ /* Treat the pkt as a public key. */
+ pkt->pkttype = PKT_PUBLIC_KEY;
+
+ /* Ask gpg-agent to store the secret key to card. */
+ if (card_store_subkey (node, 0, NULL))
+ {
+ redisplay = 1;
+ sec_shadowing = 1;
+ }
+ }
+ if (!lastmode && agent_set_ephemeral_mode (ctrl, 0, NULL))
+ log_error ("error clearing the ephemeral mode\n");
 }
 release_kbnode (node);
 }
--
cgit v1.2.3
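Review bot: The restore call at the end of the new else block in the second hunk discards the error code from `agent_set_ephemeral_mode (ctrl, 0, NULL)`, so a failure to leave ephemeral mode is logged without a reason, unlike the entry path, which prints `gpg_strerror (err)`. If that call fails, the rest of the keyedit session presumably keeps using an agent connection that is still in ephemeral mode, so the message should say why. Keep the result in a separate local so the `err` from `transfer_secret_keys` is not overwritten, e.g. `rc = agent_set_ephemeral_mode (ctrl, 0, NULL);` followed by `log_error ("error clearing the ephemeral mode: %s\n", gpg_strerror (rc));`. A failing `transfer_secret_keys` also produces no diagnostic in the visible lines, which is fine only if the callee logs it itself. A one-line comment above the first call stating why ephemeral mode is entered (presumably so the secret key read from the backup file is not kept by the agent after it has been moved to the card) would document the intent; the enclosing keyedit_menu body starts and ends outside the hunk.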