[Pkg-gnupg-commit] [gnupg2] 07/09: use available smartcard when signing
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu May 11 02:43:35 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 24f87753e817c95749758810d82d8e28321feea8
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Wed May 10 14:57:35 2017 -0400
use available smartcard when signing
---
...ning-prefer-available-card-key-when-no-u-.patch | 69 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 70 insertions(+)
diff --git a/debian/patches/0059-g10-For-signing-prefer-available-card-key-when-no-u-.patch b/debian/patches/0059-g10-For-signing-prefer-available-card-key-when-no-u-.patch
new file mode 100644
index 0000000..d2fbbae
--- /dev/null
+++ b/debian/patches/0059-g10-For-signing-prefer-available-card-key-when-no-u-.patch
@@ -0,0 +1,69 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Thu, 27 Apr 2017 10:33:58 +0900
+Subject: g10: For signing, prefer available card key when no -u option.
+
+* g10/skclist.c (build_sk_list): Ask gpg-agent if card is available.
+Then, use the card key if any.
+
+--
+
+GnuPG-bug-id: 1983
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 97a2394ecafaa6f58e4a1f70ecfd04408dc15606)
+---
+ g10/skclist.c | 30 ++++++++++++++++++++++++++++--
+ 1 file changed, 28 insertions(+), 2 deletions(-)
+
+diff --git a/g10/skclist.c b/g10/skclist.c
+index a016b62..489277c 100644
+--- a/g10/skclist.c
++++ b/g10/skclist.c
+@@ -31,6 +31,7 @@
+ #include "keydb.h"
+ #include "../common/util.h"
+ #include "../common/i18n.h"
++#include "call-agent.h"
+
+
+ /* Return true if Libgcrypt's RNG is in faked mode. */
+@@ -126,13 +127,38 @@ build_sk_list (ctrl_t ctrl,
+ select the best key. If a key specification is ambiguous and we
+ are in batch mode, die. */
+
+- if (!locusr) /* No user ids given - use the default key. */
++ if (!locusr) /* No user ids given - use the card key or the default key. */
+ {
++ struct agent_card_info_s info;
+ PKT_public_key *pk;
++ char *serialno;
+
++ memset (&info, 0, sizeof(info));
+ pk = xmalloc_clear (sizeof *pk);
+ pk->req_usage = use;
+- if ((err = getkey_byname (ctrl, NULL, pk, NULL, 1, NULL)))
++
++ /* Check if a card is available. If any, use it. */
++ err = agent_scd_serialno (&serialno, NULL);
++ if (!err)
++ {
++ xfree (serialno);
++ err = agent_scd_getattr ("KEY-FPR", &info);
++ if (err)
++ log_error ("error retrieving key fingerprint from card: %s\n",
++ gpg_strerror (err));
++ else if (info.fpr1valid)
++ {
++ if ((err = get_pubkey_byfprint (ctrl, pk, NULL, info.fpr1, 20)))
++ {
++ info.fpr1valid = 0;
++ log_error ("error on card key to sign: %s, try default\n",
++ gpg_strerror (err));
++ }
++ }
++ }
++
++ if (!info.fpr1valid
++ && (err = getkey_byname (ctrl, NULL, pk, NULL, 1, NULL)))
+ {
+ free_public_key (pk);
+ pk = NULL;
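Review bot: In the new card-probe block of build_sk_list, both failure paths (agent_scd_getattr failing, and get_pubkey_byfprint failing on info.fpr1) report through log_error even though the code then falls through to getkey_byname and may still sign with the default key. A recoverable fallback is better reported at a lower severity such as log_info, and the first message should say, like the second, that the default key will be tried. The literal 20 passed as the fingerprint length to get_pubkey_byfprint would read better as a named constant. With no -u, the signing key now depends on which card is inserted at the time, so the commit message or user documentation should state that an available card key takes precedence over the default key.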
diff --git a/debian/patches/series b/debian/patches/series
index 06a8819..74a06de 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -56,3 +56,4 @@ skip-missing-signing-keys/0013-g10-Skip-signing-keys-where-no-secret-key-is-avai
0056-gpg-Fix-typo.patch
0057-gpg-Properly-account-for-ring-trust-packets.patch
0058-g10-Remove-skeleton-options-files.patch
+0059-g10-For-signing-prefer-available-card-key-when-no-u-.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git