gpgsm: New option --compatibility-flags.

* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_glags.:
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.

1 files changed, 15 insertions, 0 deletions

diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index bb32db3ed..8765f9f9d 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -176,6 +176,9 @@ struct
    * HEX_OR_FILENAME.  The actual value needs to be encoded as a SET OF
    * attribute values.  */
   strlist_t attributes;
+
+  /* Compatibility flags (COMPAT_FLAG_xxxx).  */
+  unsigned int compat_flags;
 } opt;
 
 /* Debug values and macros.  */
@@ -199,6 +202,18 @@ struct
 #define DBG_CLOCK   (opt.debug & DBG_CLOCK_VALUE)
 #define DBG_LOOKUP  (opt.debug & DBG_LOOKUP_VALUE)
 
+
+/* Compatibility flags */
+/* Telesec RSA cards produced for NRW in 2022 came with only the
+ * keyAgreement bit set.  This flag allows there use for encryption
+ * anyway.  Example cert:
+ *    Issuer: /CN=DOI CA 10a/OU=DOI/O=PKI-1-Verwaltung/C=DE
+ * key usage: digitalSignature nonRepudiation keyAgreement
+ *  policies: 1.3.6.1.4.1.7924.1.1:N:
+ */
+#define COMPAT_ALLOW_KA_TO_ENCR   1
+
+
 /* Forward declaration for an object defined in server.c */
 struct server_local_s;