authorWerner Koch <[email protected]>2025-01-29 15:32:03 +0000
committerWerner Koch <[email protected]>2025-01-29 15:32:03 +0000
commit89055f24f4d3d645e1ac79b64421849e08a1c2a2 (patch)
tree426c1e802fd5392b5687ac4118db966d0b28b80d
parentagent: Fix ssh-agent's request_identities for skipped keys. (diff)
downloadgnupg-89055f24f4d3d645e1ac79b64421849e08a1c2a2.tar.gz
gnupg-89055f24f4d3d645e1ac79b64421849e08a1c2a2.zip
gpgsm: Allow CSR generation with an unprotected key.
* sm/call-agent.c (gpgsm_agent_genkey): Add arg no_protection. * sm/certreqgen.c (struct reqgen_ctrl_s): Add field no_protection. (read_parameters): Add keyword "%no-protection". (proc_parameters): Pass no_protection to gpgsm_agent_genkey.
-rw-r--r--doc/gpgsm.texi3
-rw-r--r--sm/call-agent.c8
-rw-r--r--sm/certreqgen.c5
-rw-r--r--sm/gpgsm.h5
4 files changed, 15 insertions, 6 deletions
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index dd0daf642..3f86d0c44 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -1179,6 +1179,9 @@ Print @var{text} as diagnostic.
@item %dry-run
Suppress actual key generation (useful for syntax checking).
+@item %no-protection
+Creates the private key without a passphrase.
+
@item %commit
Perform the key generation. Note that an implicit commit is done at
the next @asis{Key-Type} parameter.
diff --git a/sm/call-agent.c b/sm/call-agent.c
index 542c8495c..abce0387d 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -680,8 +680,8 @@ inq_genkey_parms (void *opaque, const char *line)
/* Call the agent to generate a new key */
-int
-gpgsm_agent_genkey (ctrl_t ctrl,
+gpg_error_t
+gpgsm_agent_genkey (ctrl_t ctrl, int no_protection,
ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
{
int rc;
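Review bot: The return type changes to `gpg_error_t`, but the local on the last visible line is still `int rc;`, so the function now hands an `int` back through an unsigned error type. Declaring it `gpg_error_t rc;` would keep the types consistent, assuming the rest of the body (outside this hunk) stores only error codes in it. The header comment also does not mention the new argument; I would extend it to `/* Call the agent to generate a new key. If NO_PROTECTION is set, the key is created without a passphrase. */`. The same one-line description would help at the prototype in sm/gpgsm.h.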
@@ -709,7 +709,9 @@ gpgsm_agent_genkey (ctrl_t ctrl,
if (!gk_parm.sexplen)
return gpg_error (GPG_ERR_INV_VALUE);
gnupg_get_isotime (timebuf);
- snprintf (line, sizeof line, "GENKEY --timestamp=%s", timebuf);
+ snprintf (line, sizeof line, "GENKEY%s --timestamp=%s",
+ no_protection? " --no-protection":"",
+ timebuf);
rc = assuan_transact (agent_ctx, line,
put_membuf_cb, &data,
inq_genkey_parms, &gk_parm, NULL, NULL);
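Review bot: When `no_protection` is set, nothing visible in this hunk records that the private key is being created without a passphrase, so a parameter file carrying `%no-protection` leaves no trace in the log. A diagnostic before the `snprintf`, for example `if (no_protection) log_info ("generating key without passphrase protection\n");`, would make the unprotected case auditable. The function starts and ends outside this hunk, so an existing message elsewhere cannot be ruled out.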
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index eb084f594..ec55b2e0e 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -111,6 +111,7 @@ struct reqgen_ctrl_s
{
int lnr;
int dryrun;
+ int no_protection;
};
@@ -302,6 +303,8 @@ read_parameters (ctrl_t ctrl, estream_t fp, estream_t out_fp)
log_info ("%s\n", value);
else if (!ascii_strcasecmp (keyword, "%dry-run"))
outctrl.dryrun = 1;
+ else if (!ascii_strcasecmp (keyword, "%no-protection"))
+ outctrl.no_protection = 1;
else if (!ascii_strcasecmp( keyword, "%commit"))
{
rc = proc_parameters (ctrl, para, out_fp, &outctrl);
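Review bot: `outctrl.no_protection` is set here and nothing in the visible lines clears it, so after one `%no-protection` every later request in the same parameter file would presumably also be generated without a passphrase. That would include requests triggered by an implicit commit. If that is intended, the doc/gpgsm.texi entry should say that the keyword stays in effect for the rest of the file. Otherwise reset it once `proc_parameters` has returned, e.g. `outctrl.no_protection = 0;`. read_parameters starts and ends outside this hunk, so a reset elsewhere cannot be excluded.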
@@ -760,7 +763,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER);
}
- rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
+ rc = gpgsm_agent_genkey (ctrl, outctrl->no_protection, keyparms, &public);
if (rc)
{
r = get_parameter (para, pKEYTYPE, 0);
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index cd45ec101..be5e79c9a 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -526,8 +526,9 @@ int gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
ksba_const_sexp_t ciphertext,
char **r_buf, size_t *r_buflen);
-int gpgsm_agent_genkey (ctrl_t ctrl,
- ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
+gpg_error_t gpgsm_agent_genkey (ctrl_t ctrl, int no_protection,
+ ksba_const_sexp_t keyparms,
+ ksba_sexp_t *r_pubkey);
int gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
ksba_sexp_t *r_pubkey);
int gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno);