sm: Fix certificate creation with key on card.

* sm/certreqgen.c (create_request): Fix for certmode.
--

When using an existing key from a card for certificate signing (in
contrast to the default of generating a CSR), the code tried to use
the same key for signing instead of the Signing-Key parameter.  It is
perfectly okay to use the regular signing path via gpg-agent for
certificate creation - only self-signed certificates with a key on the
card require the direct use of the card key (via "SCD PKSIGN").

Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit c1000c673814e552923cf1361346d7dfeee55608)

1 files changed, 1 insertions, 1 deletions

diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 44318702a..ee7ae0158 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -1312,7 +1312,7 @@ create_request (ctrl_t ctrl,
           log_info ("about to sign the %s for key: &%s\n",
                     certmode? "certificate":"CSR", hexgrip);
 
-          if (carddirect)
+          if (carddirect && !certmode)
             rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
                                    gcry_md_read (md, mdalgo),
                                    gcry_md_get_algo_dlen (mdalgo),