1259
show_keysize_warning (void)
1267
(_("NOTE: There is no guarantee that the card "
1268
"supports the requested size.\n"
1269
" If the key generation does not succeed, "
1270
"please check the\n"
1271
" documentation of your card to see what "
1272
"sizes are allowed.\n"));
1276
/* Ask for the size of a card key. NBITS is the current size
1277
configured for the card. KEYNO is the number of the key used to
1278
select the prompt. Returns 0 to use the default size (i.e. NBITS)
1279
or the selected size. */
1281
ask_card_keysize (int keyno, unsigned int nbits)
1283
unsigned int min_nbits = 1024;
1284
unsigned int max_nbits = 3072; /* GnuPG limit due to Assuan. */
1285
char *prompt, *answer;
1286
unsigned int req_nbits;
1292
_("What keysize do you want for the Signature key? (%u) "):
1294
_("What keysize do you want for the Encryption key? (%u) "):
1295
_("What keysize do you want for the Authentication key? (%u) "),
1297
answer = cpr_get ("cardedit.genkeys.size", prompt);
1299
req_nbits = *answer? atoi (answer): nbits;
1303
if (req_nbits != nbits && (req_nbits % 32) )
1305
req_nbits = ((req_nbits + 31) / 32) * 32;
1306
tty_printf (_("rounded up to %u bits\n"), req_nbits);
1309
if (req_nbits == nbits)
1310
return 0; /* Use default. */
1312
if (req_nbits < min_nbits || req_nbits > max_nbits)
1314
tty_printf (_("%s keysizes must be in the range %u-%u\n"),
1315
"RSA", min_nbits, max_nbits);
1319
tty_printf (_("The card will now be re-configured "
1320
"to generate a key of %u bits\n"), req_nbits);
1321
show_keysize_warning ();
1328
/* Change the size of key KEYNO (0..2) to NBITS and show an error
1329
message if that fails. */
1331
do_change_keysize (int keyno, unsigned int nbits)
1336
snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits);
1337
err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
1339
log_error (_("error changing size of key %d to %u bits: %s\n"),
1340
keyno+1, nbits, gpg_strerror (err));
1255
1346
generate_card_keys (void)
1257
1348
struct agent_card_info_s info;
1258
1349
int forced_chv1;
1259
1350
int want_backup;
1261
1353
if (get_info_for_key_operation (&info))
1264
#if GNUPG_MAJOR_VERSION == 1
1266
char *answer=cpr_get("cardedit.genkeys.backup_enc",
1267
_("Make off-card backup of encryption key? (Y/n) "));
1269
want_backup=answer_is_yes_no_default(answer,1);
1274
want_backup = cpr_get_answer_is_yes
1275
( "cardedit.genkeys.backup_enc",
1276
_("Make off-card backup of encryption key? (Y/n) "));
1277
/*FIXME: we need answer_is_yes_no_default()*/
1360
answer = cpr_get ("cardedit.genkeys.backup_enc",
1361
_("Make off-card backup of encryption key? (Y/n) "));
1363
want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/);
1280
1370
if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
1281
1371
|| (info.fpr2valid && !fpr_is_zero (info.fpr2))
1282
1372
|| (info.fpr3valid && !fpr_is_zero (info.fpr3)))
1284
1374
tty_printf ("\n");
1285
log_info ("NOTE: keys are already stored on the card!\n");
1375
log_info (_("NOTE: keys are already stored on the card!\n"));
1286
1376
tty_printf ("\n");
1287
if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_keys",
1288
_("Replace existing keys? (y/N) ")))
1377
if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys",
1378
_("Replace existing keys? (y/N) ")))
1290
1380
agent_release_card_info (&info);
1294
else if (!info.disp_name || !*info.disp_name)
1385
/* If no displayed name has been set, we assume that this is a fresh
1386
card and print a hint about the default PINs. */
1387
if (!info.disp_name || !*info.disp_name)
1296
1389
tty_printf ("\n");
1297
1390
tty_printf (_("Please note that the factory settings of the PINs are\n"
1304
1397
if (check_pin_for_key_operation (&info, &forced_chv1))
1307
generate_keypair (NULL, info.serialno,
1308
want_backup? opt.homedir:NULL);
1400
/* If the cards features changeable key attributes, we ask for the
1402
if (info.is_v2 && info.extcap.aac)
1406
for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
1408
nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits);
1409
if (nbits && do_change_keysize (keyno, nbits))
1411
/* Error: Better read the default key size again. */
1412
agent_release_card_info (&info);
1413
if (get_info_for_key_operation (&info))
1415
/* Ask again for this key size. */
1419
/* Note that INFO has not be synced. However we will only use
1420
the serialnumber and thus it won't harm. */
1423
generate_keypair (NULL, info.serialno, want_backup? opt.homedir:NULL);
1311
1426
agent_release_card_info (&info);
1357
1472
if (check_pin_for_key_operation (&info, &forced_chv1))
1475
/* If the cards features changeable key attributes, we ask for the
1477
if (info.is_v2 && info.extcap.aac)
1482
nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
1483
if (nbits && do_change_keysize (keyno-1, nbits))
1485
/* Error: Better read the default key size again. */
1486
agent_release_card_info (&info);
1487
if (get_info_for_key_operation (&info))
1491
/* Note that INFO has not be synced. However we will only use
1492
the serialnumber and thus it won't harm. */
1360
1495
okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
1361
1496
keyno, info.serialno);
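Review bot: In ask_card_keysize (new line 1299) the reply is converted with `atoi (answer)` and stored in an `unsigned int`, so a non-numeric reply silently becomes 0, a negative one becomes a huge unsigned value, and an out-of-range one is undefined behaviour for atoi. The round-up on new line 1305, `((req_nbits + 31) / 32) * 32`, then runs before the range check and can wrap for values near UINT_MAX; the check on new line 1312 appears to reject the wrapped result, but only incidentally. I would parse with `errno = 0; val = strtoul (answer, &end, 10);`, reject the input when `end == answer || *end || errno || val > max_nbits`, and only then round up. Several lines of the function are missing from this view, so the handling (and freeing) of `answer` around the conversion could not be checked. A short comment on `min_nbits = 1024` stating why a 1024-bit RSA floor is still accepted for card keys would also help later readers.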