authorDavid Shaw <[email protected]>2005-02-01 05:26:25 +0000
committerDavid Shaw <[email protected]>2005-02-01 05:26:25 +0000
commitc49620a720e3237a40d4df744c8fcb144cc76927 (patch)
treef9a23fd6c05881a42dce555d8bc8c589f8e60411
parent* keyid.c (keyid_from_sk, keyid_from_pk): Use 0xFFFFFFFFFFFFFFFF (diff)
* keygen.c (do_generate_keypair): Write the auth key to the card
before the encryption key. This is a partial workaround for a PGP bug (as of this writing, all versions including 8.1), that causes it to try and encrypt to the most recent subkey regardless of whether that subkey is actually an encryption type. In this case, the auth key is an RSA key so it succeeds.
Diffstat (limited to '')
-rw-r--r--g10/ChangeLog9
-rw-r--r--g10/keygen.c29
2 files changed, 27 insertions, 11 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index a6c640aeb..d709b0e51 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,12 @@
+2005-01-31 David Shaw <[email protected]>
+
+ * keygen.c (do_generate_keypair): Write the auth key to the card
+ before the encryption key. This is a partial workaround for a PGP
+ bug (as of this writing, all versions including 8.1), that causes
+ it to try and encrypt to the most recent subkey regardless of
+ whether that subkey is actually an encryption type. In this case,
+ the auth key is an RSA key so it succeeds.
+
2005-01-27 David Shaw <[email protected]>
* keyid.c (keyid_from_sk, keyid_from_pk): Use 0xFFFFFFFFFFFFFFFF
diff --git a/g10/keygen.c b/g10/keygen.c
index 854b7ea21..abef68167 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -2820,6 +2820,24 @@ do_generate_keypair( struct para_data_s *para,
get_parameter_uint (para, pKEYUSAGE));
}
+ /* Write the auth key to the card before the encryption key. This
+ is a partial workaround for a PGP bug (as of this writing, all
+ versions including 8.1), that causes it to try and encrypt to
+ the most recent subkey regardless of whether that subkey is
+ actually an encryption type. In this case, the auth key is an
+ RSA key so it succeeds. */
+
+ if (!rc && card && get_parameter (para, pAUTHKEYTYPE))
+ {
+ rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root,
+ get_parameter_u32 (para, pKEYEXPIRE), para);
+
+ if (!rc)
+ rc = write_keybinding (pub_root, pub_root, pri_sk, sub_sk, PUBKEY_USAGE_AUTH);
+ if (!rc)
+ rc = write_keybinding (sec_root, pub_root, pri_sk, sub_sk, PUBKEY_USAGE_AUTH);
+ }
+
if( !rc && get_parameter( para, pSUBKEYTYPE ) )
{
if (!card)
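Review bot: Both `write_keybinding` calls in the relocated auth-key block pass `sub_sk`, and the block now runs before the `pSUBKEYTYPE` branch instead of after it. That branch is only partly visible here, so if it is what populates `sub_sk` on any path, the auth binding now receives an earlier value; it is worth confirming that `write_keybinding` does not use `sub_sk` for `PUBKEY_USAGE_AUTH`. The new comment describes the PGP bug but does not say that the subkey order itself is the mitigation keeping other implementations from encrypting to an authentication key. I would add a line such as `/* Keep this block above the encryption subkey: the ordering is the workaround. */` so a later cleanup does not move it back. `do_generate_keypair` starts and ends outside this hunk.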
@@ -2859,17 +2877,6 @@ do_generate_keypair( struct para_data_s *para,
did_sub = 1;
}
- if (!rc && card && get_parameter (para, pAUTHKEYTYPE))
- {
- rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root,
- get_parameter_u32 (para, pKEYEXPIRE), para);
-
- if (!rc)
- rc = write_keybinding (pub_root, pub_root, pri_sk, sub_sk, PUBKEY_USAGE_AUTH);
- if (!rc)
- rc = write_keybinding (sec_root, pub_root, pri_sk, sub_sk, PUBKEY_USAGE_AUTH);
- }
-
if( !rc && outctrl->use_files ) { /* direct write to specified files */
rc = write_keyblock( outctrl->pub.stream, pub_root );
if( rc )