sm: Fix certificate creation with key on card.

* sm/certreqgen.c (create_request): Fix for certmode. -- When using an existing key from a card for certificate signing (in contrast to the default of generating a CSR), the code tried to use the same key for signing instead of the Signing-Key parameter. It is perfectly okay to use the regular signing path via gpg-agent for certificate creation - only self-signed certificates with a key on the card require the direct use of the card key (via "SCD PKSIGN"). Signed-off-by: Werner Koch <[email protected]>
author: Werner Koch <[email protected]> 2019-02-21 16:32:39 +0000
committer: Werner Koch <[email protected]> 2019-02-21 16:32:39 +0000
commit: c1000c673814e552923cf1361346d7dfeee55608 (patch)
tree: 5c1eda47894bb6e36e67890708a0df51d714835c /sm/certreqgen.c
parent: card: Print usage info for each key. (diff)
download: gnupg-c1000c673814e552923cf1361346d7dfeee55608.tar.gz
gnupg-c1000c673814e552923cf1361346d7dfeee55608.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 01fba30f5..d5c857b08 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -1314,7 +1314,7 @@ create_request (ctrl_t ctrl,
           log_info ("about to sign the %s for key: &%s\n",
                     certmode? "certificate":"CSR", hexgrip);
 
-          if (carddirect)
+          if (carddirect && !certmode)
             rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
                                    gcry_md_read (md, mdalgo),
                                    gcry_md_get_algo_dlen (mdalgo),
author	Werner Koch <[email protected]>	2019-02-21 16:32:39 +0000
committer	Werner Koch <[email protected]>	2019-02-21 16:32:39 +0000
commit	c1000c673814e552923cf1361346d7dfeee55608 (patch)
tree	5c1eda47894bb6e36e67890708a0df51d714835c /sm/certreqgen.c
parent	card: Print usage info for each key. (diff)
download	gnupg-c1000c673814e552923cf1361346d7dfeee55608.tar.gz gnupg-c1000c673814e552923cf1361346d7dfeee55608.zip