[Pkg-gnupg-commit] [gnupg2] 100/132: g10: For signing, prefer available card key when no -u option.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed May 17 03:07:46 UTC 2017


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Apr 27 10:33:58 2017 +0900

    g10: For signing, prefer available card key when no -u option.
    
    * g10/skclist.c (build_sk_list): Ask gpg-agent if card is available.
    Then, use the card key if any.
    
    --
    
    GnuPG-bug-id: 1983
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
---
 g10/skclist.c | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/g10/skclist.c b/g10/skclist.c
index a016b62..489277c 100644
--- a/g10/skclist.c
+++ b/g10/skclist.c
@@ -31,6 +31,7 @@
 #include "keydb.h"
 #include "../common/util.h"
 #include "../common/i18n.h"
+#include "call-agent.h"
 
 
 /* Return true if Libgcrypt's RNG is in faked mode.  */
@@ -126,13 +127,38 @@ build_sk_list (ctrl_t ctrl,
      select the best key.  If a key specification is ambiguous and we
      are in batch mode, die.  */
 
-  if (!locusr) /* No user ids given - use the default key.  */
+  if (!locusr) /* No user ids given - use the card key or the default key.  */
     {
+      struct agent_card_info_s info;
       PKT_public_key *pk;
+      char *serialno;
 
+      memset (&info, 0, sizeof(info));
       pk = xmalloc_clear (sizeof *pk);
       pk->req_usage = use;
-      if ((err = getkey_byname (ctrl, NULL, pk, NULL, 1, NULL)))
+
+      /* Check if a card is available.  If any, use it.  */
+      err = agent_scd_serialno (&serialno, NULL);
+      if (!err)
+        {
+          xfree (serialno);
+          err = agent_scd_getattr ("KEY-FPR", &info);
+          if (err)
+            log_error ("error retrieving key fingerprint from card: %s\n",
+                       gpg_strerror (err));
+          else if (info.fpr1valid)
+            {
+              if ((err = get_pubkey_byfprint (ctrl, pk, NULL, info.fpr1, 20)))
+                {
+                  info.fpr1valid = 0;
+                  log_error ("error on card key to sign: %s, try default\n",
+                             gpg_strerror (err));
+                }
+            }
+        }
+
+      if (!info.fpr1valid
+          && (err = getkey_byname (ctrl, NULL, pk, NULL, 1, NULL)))
 	{
 	  free_public_key (pk);
 	  pk = NULL;
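Review bot: Both card failure paths in the `!locusr` branch report a recoverable condition with `log_error`, although the code then falls through to `getkey_byname` and may still sign with the default key. In GnuPG `log_error` normally increments the error counter that feeds the process exit status, so a caller could see a failure code for a signature that was actually produced; `log_info ("error on card key to sign: %s, try default\n", gpg_strerror (err));` (and likewise for the KEY-FPR message) matches the "try default" intent better. Separately, the card lookup runs before the default-key lookup whenever no -u is given, so an inserted card appears to override whatever default key the user has configured; if that is intended it deserves a comment such as `/* A card key takes precedence over the configured default key.  */`, otherwise the card path should be skipped when a default key is set. The literal `20` passed as the fingerprint length would be safer as `sizeof info.fpr1`, assuming that field is a fixed-size array. build_sk_list begins and ends outside this hunk, so the later usability checks on `pk` are not visible here.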

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


