* sign.c (hash_for): Add code to detect if the sk lives on a smart

card. If it does, only allow 160-bit hashes, a la DSA. This involves passing the *sk in, so change all callers. This is correct for today, given the current 160-bit q in DSA, and the current SHA-1/RIPEMD160 support in the openpgp card. It will almost certainly need changing down the road. * app-openpgp.c (do_sign): Give user error if hash algorithm is not supported by the card.
author: David Shaw <[email protected]> 2006-01-01 17:48:54 +0000
committer: David Shaw <[email protected]> 2006-01-01 17:48:54 +0000
commit: cbc5c947d59b23f6e0ce9862c19bb5ff3d0cb606 (patch)
tree: 5303409d32e410d7e73a9ea069ecd382ae943312 /g10/app-openpgp.c
parent: * cert.c (get_cert): Properly chase down CNAMEs pointing to CERTs. (diff)
download: gnupg-cbc5c947d59b23f6e0ce9862c19bb5ff3d0cb606.tar.gz
gnupg-cbc5c947d59b23f6e0ce9862c19bb5ff3d0cb606.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/g10/app-openpgp.c b/g10/app-openpgp.c
index 910dde4d5..ff0143c55 100644
--- a/g10/app-openpgp.c
+++ b/g10/app-openpgp.c
@@ -2083,7 +2083,11 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
            && !memcmp (indata, rmd160_prefix, 15))
     ;
   else
-    return gpg_error (GPG_ERR_INV_VALUE);
+    {
+      log_error(_("card does not support digest algorithm %s\n"),
+		digest_algo_to_string(hashalgo));
+      return gpg_error (GPG_ERR_INV_VALUE);
+    }
 
   /* Check whether an OpenPGP card of any version has been requested. */
   if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
author	David Shaw <[email protected]>	2006-01-01 17:48:54 +0000
committer	David Shaw <[email protected]>	2006-01-01 17:48:54 +0000
commit	cbc5c947d59b23f6e0ce9862c19bb5ff3d0cb606 (patch)
tree	5303409d32e410d7e73a9ea069ecd382ae943312 /g10/app-openpgp.c
parent	* cert.c (get_cert): Properly chase down CNAMEs pointing to CERTs. (diff)
download	gnupg-cbc5c947d59b23f6e0ce9862c19bb5ff3d0cb606.tar.gz gnupg-cbc5c947d59b23f6e0ce9862c19bb5ff3d0cb606.zip