diff options
| author | NIIBE Yutaka <[email protected]> | 2018-03-30 00:59:09 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2018-03-30 00:59:09 +0000 |
| commit | 29692718768c28c524be6306081ab1852e75fe07 (patch) | |
| tree | 2014caf3b9e0c0f169b7f1bdcbed91a103f727fe /scd/app-openpgp.c | |
| parent | g10: Support key attribute change at --card-edit/generate. (diff) | |
| download | gnupg-29692718768c28c524be6306081ab1852e75fe07.tar.gz gnupg-29692718768c28c524be6306081ab1852e75fe07.zip | |
scd: Support changing key attribute back to RSA.
* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.
--
In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and it is implementation
dependent. Since GnuPG doesn't have knowledge which card
implementation support which option and there is no way (yet) for card
to express itself which key attributes are supported, we haven't
supported key attribute change back to RSA. But, many card
implementation uses P and Q, try this option. If other cases,
factory-reset would be easier option.
Signed-off-by: NIIBE Yutaka <[email protected]>
Diffstat (limited to 'scd/app-openpgp.c')
| -rw-r--r-- | scd/app-openpgp.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index e0c9d5959..7bbec03ac 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -3208,21 +3208,33 @@ change_rsa_keyattr (app_t app, int keyno, unsigned int nbits, relptr = get_one_do (app, 0xC1+keyno, &buf, &buflen, NULL); if (!relptr) err = gpg_error (GPG_ERR_CARD); - else if (buflen < 6 || buf[0] != PUBKEY_ALGO_RSA) + else if (buflen < 6) { - /* Attriutes too short or not an RSA key. */ + /* Attributes too short. */ xfree (relptr); err = gpg_error (GPG_ERR_CARD); } else { - /* We only change n_bits and don't touch anything else. Before we - do so, we round up NBITS to a sensible way in the same way as - gpg's key generation does it. This may help to sort out problems - with a few bits too short keys. */ + /* If key attribute was RSA, we only change n_bits and don't + touch anything else. Before we do so, we round up NBITS to a + sensible way in the same way as gpg's key generation does it. + This may help to sort out problems with a few bits too short + keys. */ nbits = ((nbits + 31) / 32) * 32; buf[1] = (nbits >> 8); buf[2] = nbits; + + /* If it was not RSA, we need to fill other parts. */ + if (buf[0] != PUBKEY_ALGO_RSA) + { + buf[0] = PUBKEY_ALGO_RSA; + buf[3] = 0; + buf[4] = 32; + buf[5] = 0; + buflen = 6; + } + err = change_keyattr (app, keyno, buf, buflen, pincb, pincb_arg); xfree (relptr); } |