~ubuntu-branches/ubuntu/vivid/gnupg2/vivid-proposed : revision 23

50

#define DEFAULT_STD_KEYSIZE 2048

51

52

53

#define MAX_PREFS 30

53

#define MAX_PREFS 30

54

55

enum para_name {

56

pKEYTYPE,

151

byte array[MAX_FINGERPRINT_LEN], *s;

152

char *buf, *p;

153

size_t i, n;

154

155

if (!handle)

156

handle = "";

157

321

322

gpg -r pgpkey -r gpgkey ---gives--> AES256

323

gpg -r gpgkey -r pgpkey ---gives--> AES

324

325

Note that by using --personal-cipher-preferences it is

326

possible to prefer AES128.

327

*/

655

keygen_upd_std_prefs (PKT_signature *sig, void *opaque)

656

{

657

(void)opaque;

658

659

if (!prefs_initialized)

660

keygen_set_std_prefs (NULL, 0);

661

662

if (nsym_prefs)

661

662

if (nsym_prefs)

663

build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);

664

else

665

{

666

delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);

667

delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);

668

}

669

670

if (nhash_prefs)

671

build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);

672

else

682

delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);

683

delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR);

684

}

685

686

/* Make sure that the MDC feature flag is set if needed. */

687

add_feature_mdc (sig,mdc_available);

688

add_keyserver_modify (sig,ks_modify);

820

/* Get it into a binary packed form. */

821

IOBUF backsig_out=iobuf_temp();

822

PACKET backsig_pkt;

823

824

init_packet(&backsig_pkt);

825

backsig_pkt.pkttype=PKT_SIGNATURE;

826

backsig_pkt.pkt.signature=backsig;

832

{

833

size_t pktlen=0;

834

byte *buf=iobuf_get_temp_buffer(backsig_out);

835

836

/* Remove the packet header */

837

if(buf[0]&0x40)

838

{

861

else

862

{

863

int mark=1;

864

865

switch(buf[0]&3)

866

{

867

case 3:

868

BUG();

869

break;

870

871

case 2:

872

pktlen =buf[mark++] << 24;

873

pktlen|=buf[mark++] << 16;

874

875

case 1:

876

pktlen|=buf[mark++] << 8;

877

878

case 0:

879

pktlen|=buf[mark++];

880

}

881

882

buf+=mark;

883

}

884

885

/* Now make the binary blob into a subpacket. */

886

build_sig_subpkt(sig,SIGSUBPKT_SIGNATURE,buf,pktlen);

887

888

iobuf_close(backsig_out);

889

}

890

}

891

892

return rc;

893

}

894

925

log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );

926

return rc;

927

}

928

929

pkt = xmalloc_clear( sizeof *pkt );

930

pkt->pkttype = PKT_SIGNATURE;

931

pkt->pkt.signature = sig;

960

BUG();

961

pk = node->pkt->pkt.public_key;

962

pk->pubkey_usage = use;

963

964

/* We have to cache the key, so that the verification of the

965

signature creation is able to retrieve the public key. */

966

cache_public_key (pk);

969

rc = make_keysig_packet (&sig, pk, uid, NULL, sk, 0x13,

970

0, 0, timestamp, 0,

971

keygen_add_std_prefs, pk);

972

if( rc )

972

if( rc )

973

{

974

log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );

975

return rc;

1014

/* We have to cache the key, so that the verification of the

1015

* signature creation is able to retrieve the public key. */

1016

cache_public_key (pri_pk);

1017

1018

/* Find the last subkey. */

1019

sub_pk = NULL;

1020

for (node=pub_root; node; node = node->next )

1020

for (node=pub_root; node; node = node->next )

1021

{

1022

if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )

1023

sub_pk = node->pkt->pkt.public_key;

1028

/* Make the signature. */

1029

oduap.usage = use;

1030

oduap.pk = sub_pk;

1031

rc = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_sk, 0x18,

1031

rc = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_sk, 0x18,

1032

0, 0, timestamp, 0,

1033

keygen_add_key_flags_and_expire, &oduap );

1034

if (rc)

1034

if (rc)

1035

{

1036

log_error ("make_keysig_packet failed: %s\n", g10_errstr(rc) );

1037

return rc;

1044

if (rc)

1045

return rc;

1046

}

1047

1048

pkt = xmalloc_clear ( sizeof *pkt );

1049

pkt->pkttype = PKT_SIGNATURE;

1050

pkt->pkt.signature = sig;

1082

}

1083

array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);

1084

gcry_sexp_release (l2);

1085

if (!array[idx])

1085

if (!array[idx])

1086

{

1087

rc = gpg_error (GPG_ERR_INV_OBJ); /* required parameter invalid */

1088

goto leave;

1129

#if 0 /* Not used anymore */

1130

size_t n;

1131

char *buf;

1132

1133

if (misc_key_info)

1134

{

1135

/* DSA: don't know whether it makes sense to have the factors, so for now

1158

static int

1159

gen_elg (int algo, unsigned int nbits,

1160

KBNODE pub_root, KBNODE sec_root, DEK *dek,

1161

STRING2KEY *s2k, PKT_secret_key **ret_sk,

1161

STRING2KEY *s2k, PKT_secret_key **ret_sk,

1162

u32 timestamp, u32 expireval, int is_subkey)

1163

{

1164

int rc;

1167

PKT_public_key *pk;

1168

gcry_sexp_t s_parms, s_key;

1169

gcry_sexp_t misc_key_info;

1170

1171

assert( is_ELGAMAL(algo) );

1172

1173

if (nbits < 512)

1174

{

1175

nbits = 1024;

1175

nbits = 2048;

1176

log_info (_("keysize invalid; using %u bits\n"), nbits );

1177

}

1178

1190

(int)nbits);

1191

if (rc)

1192

log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));

1193

1194

rc = gcry_pk_genkey (&s_key, s_parms);

1195

gcry_sexp_release (s_parms);

1196

if (rc)

1198

log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );

1199

return rc;

1200

}

1201

1202

sk = xmalloc_clear( sizeof *sk );

1203

pk = xmalloc_clear( sizeof *pk );

1204

sk->timestamp = pk->timestamp = timestamp;

1205

sk->version = pk->version = 4;

1206

if (expireval)

1206

if (expireval)

1207

{

1208

sk->expiredate = pk->expiredate = sk->timestamp + expireval;

1209

}

1210

sk->pubkey_algo = pk->pubkey_algo = algo;

1211

1212

rc = key_from_sexp (pk->pkey, s_key, "public-key", "pgy");

1213

if (rc)

1213

if (rc)

1214

{

1215

log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );

1216

gcry_sexp_release (s_key);

1229

}

1230

misc_key_info = gcry_sexp_find_token (s_key, "misc-key-info", 0);

1231

gcry_sexp_release (s_key);

1232

1233

sk->is_protected = 0;

1234

sk->protect.algo = 0;

1235

1245

gcry_sexp_release (misc_key_info);

1246

return rc;

1247

}

1248

1249

pkt = xmalloc_clear (sizeof *pkt);

1250

pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;

1251

pkt->pkt.public_key = pk;

1258

pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY;

1259

pkt->pkt.secret_key = sk;

1260

add_kbnode (sec_root, new_kbnode( pkt ));

1261

1262

genhelp_factors (misc_key_info, sec_root);

1263

1264

return 0;

1265

}

1266

1270

*/

1271

static int

1272

gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,

1273

STRING2KEY *s2k, PKT_secret_key **ret_sk,

1273

STRING2KEY *s2k, PKT_secret_key **ret_sk,

1274

u32 timestamp, u32 expireval, int is_subkey)

1275

{

1276

int rc;

1281

gcry_sexp_t misc_key_info;

1282

unsigned int qbits;

1283

1284

if ( nbits < 512)

1284

if ( nbits < 512)

1285

{

1286

nbits = 1024;

1286

nbits = 2048;

1287

log_info(_("keysize invalid; using %u bits\n"), nbits );

1288

}

1289

else if ( nbits > 3072 )

1308

1309

/*

1310

Figure out a q size based on the key size. FIPS 180-3 says:

1311

1312

L = 1024, N = 160

1313

L = 2048, N = 224

1314

L = 2048, N = 256

1315

L = 3072, N = 256

1316

1317

2048/256 is an odd pair since there is also a 2048/224 and

1318

3072/256. Matching sizes is not a very exact science.

1319

1320

We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024

1321

but less than 2048, and 160 for 1024 (DSA1).

1322

*/

1323

1324

if (nbits > 2047)

1325

qbits = 256;

1326

else if ( nbits > 1024)

1327

qbits = 224;

1328

else

1329

qbits = 160;

1330

1331

if (qbits != 160 )

1332

log_info (_("WARNING: some OpenPGP programs can't"

1333

" handle a DSA key with this digest size\n"));

1337

(int)nbits, (int)qbits);

1338

if (rc)

1339

log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));

1340

1341

rc = gcry_pk_genkey (&s_key, s_parms);

1342

gcry_sexp_release (s_parms);

1343

if (rc)

1350

pk = xmalloc_clear( sizeof *pk );

1351

sk->timestamp = pk->timestamp = timestamp;

1352

sk->version = pk->version = 4;

1353

if (expireval)

1353

if (expireval)

1354

sk->expiredate = pk->expiredate = sk->timestamp + expireval;

1355

sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA;

1356

1357

rc = key_from_sexp (pk->pkey, s_key, "public-key", "pqgy");

1358

if (rc)

1358

if (rc)

1359

{

1360

log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc));

1361

gcry_sexp_release (s_key);

1364

return rc;

1365

}

1366

rc = key_from_sexp (sk->skey, s_key, "private-key", "pqgyx");

1367

if (rc)

1367

if (rc)

1368

{

1369

log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );

1370

gcry_sexp_release (s_key);

1374

}

1375

misc_key_info = gcry_sexp_find_token (s_key, "misc-key-info", 0);

1376

gcry_sexp_release (s_key);

1377

1378

sk->is_protected = 0;

1379

sk->protect.algo = 0;

1380

1413

}

1414

1415

1416

/*

1416

/*

1417

* Generate an RSA key.

1418

*/

1419

static int

1432

if (!nbits)

1433

nbits = DEFAULT_STD_KEYSIZE;

1434

1435

if (nbits < 1024)

1435

if (nbits < 1024)

1436

{

1437

nbits = 1024;

1437

nbits = 2048;

1438

log_info (_("keysize invalid; using %u bits\n"), nbits );

1439

}

1440

1441

if ((nbits % 32))

1442

{

1443

nbits = ((nbits + 31) / 32) * 32;

1449

(int)nbits);

1450

if (rc)

1451

log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));

1452

1453

rc = gcry_pk_genkey (&s_key, s_parms);

1454

gcry_sexp_release (s_parms);

1455

if (rc)

1469

sk->pubkey_algo = pk->pubkey_algo = algo;

1470

1471

rc = key_from_sexp (pk->pkey, s_key, "public-key", "ne");

1472

if (rc)

1472

if (rc)

1473

{

1474

log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc));

1475

gcry_sexp_release (s_key);

1478

return rc;

1479

}

1480

rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu");

1481

if (rc)

1481

if (rc)

1482

{

1483

log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );

1484

gcry_sexp_release (s_key);

1679

1680

if (!r_subkey_algo)

1681

r_subkey_algo = &dummy_algo;

1682

1683

tty_printf (_("Please select what kind of key you want:\n"));

1684

1685

if (!addmode)

1700

tty_printf (_(" (%d) DSA (set your own capabilities)\n"), 7 );

1701

tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 );

1702

}

1703

1704

for(;;)

1705

{

1706

*r_usage = 0;

1760

else

1761

tty_printf (_("Invalid selection.\n"));

1762

}

1763

1764

return algo;

1765

}

1766

1823

nbits = *answer? atoi (answer): def;

1824

xfree(prompt);

1825

xfree(answer);

1826

1827

if(nbits<min || nbits>max)

1828

tty_printf(_("%s keysizes must be in the range %u-%u\n"),

1829

gcry_pk_algo_name (algo), min, max);

1869

u32 abs_date = 0;

1870

u32 curtime = make_timestamp ();

1871

time_t tt;

1872

1873

if (!*string)

1874

seconds = 0;

1875

else if (!strncmp (string, "seconds=", 8))

1883

seconds = atoi (string) * 86400L * mult;

1884

else

1885

seconds = (u32)(-1);

1886

1887

return seconds;

1888

}

1889

1893

parse_creation_string (const char *string)

1894

{

1895

u32 seconds;

1896

1897

if (!*string)

1898

seconds = 0;

1899

else if ( !strncmp (string, "seconds=", 8) )

2188

lower and uppercase. Below you will find the matching

2189

string which should be translated accordingly and the

2190

letter changed to match the one in the answer string.

2191

2192

n = Change name

2193

c = Change comment

2194

e = Change email

2309

routines based on the requested algorithm. */

2310

static int

2311

do_create (int algo, unsigned int nbits, KBNODE pub_root, KBNODE sec_root,

2312

DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk,

2312

DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk,

2313

u32 timestamp, u32 expiredate, int is_subkey )

2314

{

2315

int rc=0;

2344

generate_user_id (KBNODE keyblock)

2345

{

2346

char *p;

2347

2348

p = ask_user_id (1, keyblock);

2349

if (!p)

2350

return NULL; /* Canceled. */

2386

}

2387

2388

static int

2389

get_parameter_algo( struct para_data_s *para, enum para_name key,

2389

get_parameter_algo( struct para_data_s *para, enum para_name key,

2390

int *r_default)

2391

{

2392

int i;

2419

return i;

2420

}

2421

2422

/*

2422

/*

2423

* Parse the usage parameter and set the keyflags. Returns -1 on

2424

* error, 0 for no usage given or 1 for usage available.

2425

*/

2433

2434

if( !r )

2435

return 0; /* none (this is an optional parameter)*/

2436

2437

use = 0;

2438

pn = r->u.value;

2439

while ( (p = strsep (&pn, " \t,")) ) {

2521

return r->u.expire;

2522

if( r->key == pKEYUSAGE || r->key == pSUBKEYUSAGE )

2523

return r->u.usage;

2524

2525

return (unsigned int)strtoul( r->u.value, NULL, 10 );

2526

}

2527

2729

para = r;

2730

}

2731

2732

if (canceled)

2732

if (canceled)

2733

{

2734

log_error ("%s:%d: key generation canceled\n", fname, r->lnr );

2735

return -1;

2745

* but because we do this always, why not here. */

2746

STRING2KEY *s2k;

2747

DEK *dek;

2748

2749

s2k = xmalloc_secure ( sizeof *s2k );

2750

s2k->mode = opt.s2k_mode;

2751

s2k->hash_algo = S2K_DIGEST_ALGO;

2755

set_next_passphrase (NULL );

2756

assert (dek);

2757

memset (r->u.value, 0, strlen(r->u.value));

2758

2759

r = xmalloc_clear (sizeof *r);

2760

r->key = pPASSPHRASE_S2K;

2761

r->u.s2k = s2k;

2914

else if( !ascii_strcasecmp( keyword, "%commit" ) ) {

2915

outctrl.lnr = lnr;

2916

if (proc_parameter_file( para, fname, &outctrl, 0 ))

2917

print_status_key_not_created

2917

print_status_key_not_created

2918

(get_parameter_value (para, pHANDLE));

2919

release_parameter_list( para );

2920

para = NULL;

3041

* written to directory given by this argument .

3042

*/

3043

void

3044

generate_keypair (const char *fname, const char *card_serialno,

3044

generate_keypair (const char *fname, const char *card_serialno,

3045

const char *backup_encryption_dir)

3046

{

3047

unsigned int nbits;

3056

struct para_data_s *r;

3057

struct output_control_s outctrl;

3058

int canceled;

3059

3060

memset( &outctrl, 0, sizeof( outctrl ) );

3061

3062

if (opt.batch && card_serialno)

3063

{

3064

/* We don't yet support unattended key generation. */

3065

log_error (_("can't do this in batch mode\n"));

3066

return;

3067

}

3068

3069

if (opt.batch)

3070

{

3071

read_parameter_file( fname );

3080

strcpy( r->u.value, card_serialno);

3081

r->next = para;

3082

para = r;

3083

3084

algo = PUBKEY_ALGO_RSA;

3085

3086

r = xcalloc (1, sizeof *r + 20 );

3087

r->key = pKEYTYPE;

3088

sprintf( r->u.value, "%d", algo );

3093

strcpy (r->u.value, "sign");

3094

r->next = para;

3095

para = r;

3096

3097

r = xcalloc (1, sizeof *r + 20 );

3098

r->key = pSUBKEYTYPE;

3099

sprintf( r->u.value, "%d", algo );

3104

strcpy (r->u.value, "encrypt");

3105

r->next = para;

3106

para = r;

3107

3108

r = xcalloc (1, sizeof *r + 20 );

3109

r->key = pAUTHKEYTYPE;

3110

sprintf( r->u.value, "%d", algo );

3123

}

3124

else

3125

{

3126

int subkey_algo;

3126

int subkey_algo;

3127

3128

algo = ask_algo (0, &subkey_algo, &use);

3129

if (subkey_algo)

3130

{

3130

{

3131

/* Create primary and subkey at once. */

3132

both = 1;

3133

r = xmalloc_clear( sizeof *r + 20 );

3146

strcpy( r->u.value, "sign" );

3147

r->next = para;

3148

para = r;

3149

3150

r = xmalloc_clear( sizeof *r + 20 );

3151

r->key = pSUBKEYTYPE;

3152

sprintf( r->u.value, "%d", subkey_algo);

3158

r->next = para;

3159

para = r;

3160

}

3161

else

3161

else

3162

{

3163

r = xmalloc_clear( sizeof *r + 20 );

3164

r->key = pKEYTYPE;

3165

sprintf( r->u.value, "%d", algo );

3166

r->next = para;

3167

para = r;

3168

3169

if (use)

3170

{

3171

r = xmalloc_clear( sizeof *r + 25 );

3187

r->next = para;

3188

para = r;

3189

}

3190

3191

expire = ask_expire_interval(0,NULL);

3192

r = xmalloc_clear( sizeof *r + 20 );

3193

r->key = pKEYEXPIRE;

3201

para = r;

3202

3203

uid = ask_user_id (0, NULL);

3204

if( !uid )

3204

if( !uid )

3205

{

3206

log_error(_("Key generation canceled.\n"));

3207

release_parameter_list( para );

3212

strcpy( r->u.value, uid );

3213

r->next = para;

3214

para = r;

3215

3216

canceled = 0;

3217

dek = card_serialno? NULL : do_ask_passphrase (&s2k, 0, &canceled);

3218

if( dek )

3229

para = r;

3230

}

3231

3232

if (canceled)

3232

if (canceled)

3233

log_error (_("Key generation canceled.\n"));

3234

else

3235

proc_parameter_file( para, "[internal]", &outctrl, !!card_serialno);

3266

log_info (_("keysize invalid; using %u bits\n"), nbits );

3267

}

3268

3269

if ((nbits % 32))

3269

if ((nbits % 32))

3270

{

3271

nbits = ((nbits + 31) / 32) * 32;

3272

log_info(_("keysize rounded up to %u bits\n"), nbits );

3304

}

3305

rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu");

3306

gcry_sexp_release (s_key);

3307

if (rc)

3307

if (rc)

3308

{

3309

log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );

3310

goto leave;

3311

}

3312

3313

for (i=npkey; i < nskey; i++)

3314

sk->csum += checksum_mpi (sk->skey[i]);

3315

3316

if (r_sk_unprotected)

3316

if (r_sk_unprotected)

3317

*r_sk_unprotected = copy_secret_key (NULL, sk);

3318

3319

rc = genhelp_protect (dek, s2k, sk);

3366

log_info("dry-run mode - key generation skipped\n");

3367

return;

3368

}

3369

3370

if ( outctrl->use_files )

3369

3370

if ( outctrl->use_files )

3371

{

3372

if ( outctrl->pub.newfname )

3372

if ( outctrl->pub.newfname )

3373

{

3374

iobuf_close(outctrl->pub.stream);

3375

outctrl->pub.stream = NULL;

3378

xfree( outctrl->pub.fname );

3379

outctrl->pub.fname = outctrl->pub.newfname;

3380

outctrl->pub.newfname = NULL;

3381

3382

if (is_secured_filename (outctrl->pub.fname) )

3381

3382

if (is_secured_filename (outctrl->pub.fname) )

3383

{

3384

outctrl->pub.stream = NULL;

3385

errno = EPERM;

3401

if (outctrl->sec.newfname)

3402

{

3403

mode_t oldmask;

3404

3405

iobuf_close(outctrl->sec.stream);

3406

outctrl->sec.stream = NULL;

3407

if (outctrl->sec.fname)

3449

structure we create is known in advance we simply generate a

3450

linked list. The first packet is a dummy packet which we flag as

3451

deleted. The very first packet must always be a KEY packet. */

3452

3453

start_tree (&pub_root);

3454

start_tree (&sec_root);

3455

3517

rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root, NULL,

3518

&timestamp,

3519

get_parameter_u32 (para, pKEYEXPIRE), para);

3520

3521

if (!rc)

3522

rc = write_keybinding (pub_root, pub_root, pri_sk, sub_sk,

3523

PUBKEY_USAGE_AUTH, timestamp);

3578

rc = write_keyblock( outctrl->pub.stream, pub_root );

3579

if (rc)

3580

log_error ("can't write public key: %s\n", g10_errstr(rc) );

3581

if (!rc)

3581

if (!rc)

3582

{

3583

rc = write_keyblock( outctrl->sec.stream, sec_root );

3584

if(rc)

3591

KEYDB_HANDLE sec_hd = keydb_new (1);

3592

3593

rc = keydb_locate_writable (pub_hd, NULL);

3594

if (rc)

3594

if (rc)

3595

log_error (_("no writable public keyring found: %s\n"),

3596

g10_errstr (rc));

3597

3598

if (!rc)

3599

{

3598

if (!rc)

3599

{

3600

rc = keydb_locate_writable (sec_hd, NULL);

3601

if (rc)

3601

if (rc)

3602

log_error (_("no writable secret keyring found: %s\n"),

3603

g10_errstr (rc));

3604

}

3605

3606

if (!rc && opt.verbose)

3607

{

3608

log_info (_("writing public key to `%s'\n"),

3614

log_info (_("writing secret key to `%s'\n"),

3615

keydb_get_resource_name (sec_hd));

3616

}

3617

3618

if (!rc)

3617

3618

if (!rc)

3619

{

3620

rc = keydb_insert_keyblock (pub_hd, pub_root);

3621

if (rc)

3622

log_error (_("error writing public keyring `%s': %s\n"),

3623

keydb_get_resource_name (pub_hd), g10_errstr(rc));

3624

}

3625

3626

if (!rc)

3627

{

3628

rc = keydb_insert_keyblock (sec_hd, sec_root);

3633

3634

keydb_release (pub_hd);

3635

keydb_release (sec_hd);

3636

3637

if (!rc)

3638

{

3639

int no_enc_rsa;

3653

update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK)

3654

| TRUST_ULTIMATE ));

3655

3656

if (!opt.batch)

3656

if (!opt.batch)

3657

{

3658

tty_printf (_("public and secret key created and signed.\n") );

3659

tty_printf ("\n");

3660

list_keyblock(pub_root,0,1,NULL);

3661

}

3662

3663

3662

3663

3664

if (!opt.batch

3665

&& (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA

3666

|| no_enc_rsa )

3685

}

3686

else

3687

{

3688

PKT_public_key *pk = find_kbnode (pub_root,

3688

PKT_public_key *pk = find_kbnode (pub_root,

3689

PKT_PUBLIC_KEY)->pkt->pkt.public_key;

3690

print_status_key_created (did_sub? 'B':'P', pk,

3691

get_parameter_value (para, pHANDLE));

3692

}

3693

release_kbnode( pub_root );

3694

release_kbnode( sec_root );

3695

3696

if (pri_sk && !card) /* The unprotected secret key unless we */

3697

free_secret_key (pri_sk); /* have a shallow copy in card mode. */

3698

if (sub_sk)

3721

3722

/* Break out the primary secret key. */

3723

node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );

3724

if( !node )

3724

if( !node )

3725

{

3726

log_error ("Oops; secret key not found anymore!\n");

3727

goto leave;

3728

}

3729

3730

/* Make a copy of the sk to keep the protected one in the keyblock. */

3731

pri_sk = copy_secret_key (NULL, node->pkt->pkt.secret_key);

3732

3746

}

3747

}

3748

3749

if (pri_sk->version < 4)

3749

if (pri_sk->version < 4)

3750

{

3751

log_info (_("NOTE: creating subkeys for v3 keys "

3752

"is not OpenPGP compliant\n"));

3791

if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",

3792

_("Really create? (y/N) ")))

3793

goto leave;

3794

3795

canceled = 0;

3796

if (ask_pass)

3797

dek = do_ask_passphrase (&s2k, 0, &canceled);

3804

dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2,

3805

NULL, NULL );

3806

}

3807

3808

if (canceled)

3809

rc = GPG_ERR_CANCELED;

3810

3811

if (!rc)

3812

rc = do_create (algo, nbits, pub_keyblock, sec_keyblock,

3813

dek, s2k, &sub_sk, cur_time, expire, 1 );

3814

if (!rc)

3815

rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,

3815

rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,

3816

use, cur_time);

3817

if (!rc)

3818

rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk,

3818

rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk,

3819

use, cur_time);

3820

if (!rc)

3820

if (!rc)

3821

{

3822

okay = 1;

3823

write_status_text (STATUS_KEY_CREATED, "S");

3933

rc = gen_card_key (algo, keyno, 0, pub_keyblock, sec_keyblock,

3934

&sub_sk, &cur_time, expire, para);

3935

if (!rc)

3936

rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,

3936

rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,

3937

use, cur_time);

3938

if (!rc)

3939

rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk,

3939

rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk,

3940

use, cur_time);

3941

if (!rc)

3942

{

3997

PKT_public_key *pk;

3998

3999

assert (algo == PUBKEY_ALGO_RSA);

4000

4001

/* Fixme: We don't have the serialnumber available, thus passing NULL. */

4002

rc = agent_scd_genkey (&info, keyno, 1, NULL, *timestamp);

4003

/* if (gpg_err_code (rc) == GPG_ERR_EEXIST) */

4022

gcry_mpi_release (info.e);

4023

return gpg_error (GPG_ERR_GENERAL);

4024

}

4025

4026

if (*timestamp != info.created_at)

4027

log_info ("Note that the key does not use the suggested creation date\n");

4028

*timestamp = info.created_at;

4035

sk->expiredate = pk->expiredate = pk->timestamp + expireval;

4036

sk->pubkey_algo = pk->pubkey_algo = algo;

4037

pk->pkey[0] = info.n;

4038

pk->pkey[1] = info.e;

4038

pk->pkey[1] = info.e;

4039

sk->skey[0] = gcry_mpi_copy (pk->pkey[0]);

4040

sk->skey[1] = gcry_mpi_copy (pk->pkey[1]);

4041

sk->skey[2] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);

4086

size_t n;

4087

int i;

4088

unsigned int nbits;

4089

4090

/* Get the size of the key directly from the card. */

4091

{

4092

struct agent_card_info_s info;

4093

4094

memset (&info, 0, sizeof info);

4095

if (!agent_scd_getattr ("KEY-ATTR", &info)

4096

&& info.key_attr[1].algo)

4156

else

4157

fp = iobuf_create (fname);

4158

umask (oldmask);

4159

if (!fp)

4159

if (!fp)

4160

{

4161

rc = gpg_error_from_syserror ();

4162

log_error (_("can't create backup file `%s': %s\n"),

4182

{

4183

unsigned char array[MAX_FINGERPRINT_LEN];

4184

char *fprbuf, *p;

4185

4186

iobuf_close (fp);

4187

iobuf_ioctl (NULL, 2, 0, (char*)fname);

4188

log_info (_("NOTE: backup of card key saved to `%s'\n"), fname);

4299

p = stpcpy (stpcpy (stpcpy (p, numbuf), numbuf2), "))");

4300

4301

/* Fixme: Unfortunately we don't have the serialnumber available -

4302

thus we can't pass it down to the agent. */

4302

thus we can't pass it down to the agent. */

4303

rc = agent_scd_writekey (keyno, NULL, sexp, p - sexp);

4304

4305

leave: