authorWerner Koch <[email protected]>2021-05-20 17:09:38 +0000
committerWerner Koch <[email protected]>2021-05-20 17:09:38 +0000
commit52bbdc731fd54ff6d2744d7aca8e48e2c2389cc9 (patch)
treeab8eeec1e13983585bc19c27cf8b6f2e565fb817 /sm/keylist.c
parentcard: Intialize pointer to avoid double free (diff)
sm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
* sm/keylist.c (list_cert_raw): Print the OpenPGP fpr. -- This is useful for debugging for example if an OpenPGP key is used to create an X.509 cert. Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'sm/keylist.c')
-rw-r--r--sm/keylist.c52
1 files changed, 45 insertions, 7 deletions
diff --git a/sm/keylist.c b/sm/keylist.c
index 3c9e10c81..f571ee2b5 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -792,6 +792,8 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
ksba_name_t name, name2;
unsigned int reason;
const unsigned char *cert_der = NULL;
+ char *algostr;
+ int algoid;
(void)have_secret;
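Review bot: `algostr` is declared here without an initializer, while the last hunk adds an unconditional `xfree (algostr);` at the end of list_cert_raw and the assignment happens only in the second hunk, after the md5_fpr output. If any path can reach the end of the function before that assignment (the code in between is outside the visible hunks, so this is unconfirmed), the free would act on an indeterminate pointer. Declaring it as `char *algostr = NULL;` makes the cleanup safe regardless of how the function is later rearranged. The same lifetime change means that any early return added between the assignment and the final `xfree` would leak the string, which deserves a short comment at the declaration.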
@@ -845,6 +847,47 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
es_fprintf (fp, " md5_fpr: %s\n", dn?dn:"error");
xfree (dn);
+ algoid = 0;
+ algostr = gpgsm_pubkey_algo_string (cert, &algoid);
+
+ /* For RSA we support printing an OpenPGP v4 fingerprint under the
+ * assumption that the not-before date would be used as the OpenPGP
+ * key creation date. */
+ if (algoid == GCRY_PK_RSA)
+ {
+ ksba_sexp_t pk;
+ size_t pklen;
+ const unsigned char *m, *e;
+ size_t mlen, elen;
+ unsigned char fpr20[20];
+ time_t tmpt;
+ unsigned long keytime;
+
+ pk = ksba_cert_get_public_key (cert);
+ if (pk)
+ {
+ ksba_cert_get_validity (cert, 0, t);
+ tmpt = isotime2epoch (t);
+ keytime = (tmpt == (time_t)(-1))? 0 : (u32)tmpt;
+
+ pklen = gcry_sexp_canon_len (pk, 0, NULL, NULL);
+ if (!pklen)
+ log_error ("libksba did not return a proper S-Exp\n");
+ else if (!get_rsa_pk_from_canon_sexp (pk, pklen,
+ &m, &mlen, &e, &elen)
+ && !compute_openpgp_fpr_rsa (4,
+ keytime,
+ m, mlen, e, elen,
+ fpr20, NULL))
+ {
+ char *fpr = bin2hex (fpr20, 20, NULL);
+ es_fprintf (fp, " pgp_fpr: %s\n", fpr);
+ xfree (fpr);
+ }
+ ksba_free (pk);
+ }
+ }
+
dn = gpgsm_get_certid (cert);
es_fprintf (fp, " certid: %s\n", dn?dn:"error");
xfree (dn);
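Review bot: The `pgp_fpr` line is still printed when the not-before time could not be determined: the return value of `ksba_cert_get_validity (cert, 0, t)` is ignored, and a failed `isotime2epoch` falls back to `keytime = 0`, so the output can show a fingerprint that matches no real OpenPGP key with no hint that a fallback timestamp was used. The `(u32)tmpt` cast also truncates silently for dates outside the 32-bit range. For debugging output it would be safer to skip the line or print an error marker in those cases, and to log when `get_rsa_pk_from_canon_sexp` or `compute_openpgp_fpr_rsa` fails, as is already done for the `!pklen` case. The `bin2hex` result is also used unchecked; the neighbouring lines guard with `dn?dn:"error"`, so `es_fprintf (fp, " pgp_fpr: %s\n", fpr? fpr : "error");` would be consistent. list_cert_raw begins and ends outside this hunk, and `t` is declared outside it.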
@@ -866,13 +909,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
s = get_oid_desc (oid, 0, NULL);
es_fprintf (fp, " hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
- {
- char *algostr;
-
- algostr = gpgsm_pubkey_algo_string (cert, NULL);
- es_fprintf (fp, " keyType: %s\n", algostr? algostr : "[error]");
- xfree (algostr);
- }
+ es_fprintf (fp, " keyType: %s\n", algostr? algostr : "[error]");
/* subjectKeyIdentifier */
es_fputs (" subjKeyId: ", fp);
@@ -1154,6 +1191,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
es_fprintf (fp, " [stored as ephemeral]\n");
}
+ xfree (algostr);
}