1 /* card-util.c - Utility functions for the OpenPGP card.
2 * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
29 #if GNUPG_MAJOR_VERSION != 1
31 #endif /*GNUPG_MAJOR_VERSION != 1*/
38 #include "keyserver-internal.h"
39 #if GNUPG_MAJOR_VERSION == 1
40 #ifdef HAVE_LIBREADLINE
42 #include <readline/readline.h>
43 #endif /*HAVE_LIBREADLINE*/
45 #else /*GNUPG_MAJOR_VERSION!=1*/
46 #include "call-agent.h"
47 #endif /*GNUPG_MAJOR_VERSION!=1*/
49 #define CONTROL_D ('D' - 'A' + 1)
52 /* Change the PIN of a an OpenPGP card. This is an interactive
55 change_pin (int chvno, int allow_admin)
57 struct agent_card_info_s info;
60 rc = agent_learn (&info);
63 log_error (_("OpenPGP card not available: %s\n"),
68 log_info (_("OpenPGP card no. %s detected\n"),
69 info.serialno? info.serialno : "[none]");
71 agent_clear_pin_cache (info.serialno);
75 agent_release_card_info (&info);
76 log_error (_("can't do this in batch mode\n"));
82 rc = agent_scd_change_pin (1, info.serialno);
84 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
87 write_status (STATUS_SC_OP_SUCCESS);
88 tty_printf ("PIN changed.\n");
97 tty_printf ("1 - change PIN\n"
99 "3 - change Admin PIN\n"
103 answer = cpr_get("cardutil.change_pin.menu",_("Your selection? "));
105 if (strlen (answer) != 1)
111 rc = agent_scd_change_pin (1, info.serialno);
113 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
116 write_status (STATUS_SC_OP_SUCCESS);
117 tty_printf ("PIN changed.\n");
120 else if (*answer == '2')
122 rc = agent_scd_change_pin (101, info.serialno);
124 tty_printf ("Error unblocking the PIN: %s\n", gpg_strerror (rc));
127 write_status (STATUS_SC_OP_SUCCESS);
128 tty_printf ("PIN unblocked and new PIN set.\n");
131 else if (*answer == '3')
133 rc = agent_scd_change_pin (3, info.serialno);
135 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
138 write_status (STATUS_SC_OP_SUCCESS);
139 tty_printf ("PIN changed.\n");
142 else if (*answer == 'q' || *answer == 'Q')
148 agent_release_card_info (&info);
152 get_manufacturer (unsigned int no)
154 /* Note: Make sure that there is no colon or linefeed in the string. */
158 case 0xffff: return "test card";
159 case 0x0001: return "PPC Card Systems";
160 case 0x0002: return "Prism";
161 default: return "unknown";
167 print_sha1_fpr (FILE *fp, const unsigned char *fpr)
173 for (i=0; i < 20 ; i+=2, fpr += 2 )
176 tty_fprintf (fp, " ");
177 tty_fprintf (fp, " %02X%02X", *fpr, fpr[1]);
181 tty_fprintf (fp, " [none]");
182 tty_fprintf (fp, "\n");
187 print_sha1_fpr_colon (FILE *fp, const unsigned char *fpr)
193 for (i=0; i < 20 ; i++, fpr++)
194 fprintf (fp, "%02X", *fpr);
201 print_name (FILE *fp, const char *text, const char *name)
203 tty_fprintf (fp, "%s", text);
205 /* FIXME: tty_printf_utf8_string2 eats everything after and
206 including an @ - e.g. when printing an url. */
210 print_utf8_string2 (fp, name, strlen (name), '\n');
212 tty_print_utf8_string2 (name, strlen (name), 0);
215 tty_fprintf (fp, _("[not set]"));
216 tty_fprintf (fp, "\n");
220 print_isoname (FILE *fp, const char *text, const char *tag, const char *name)
223 fprintf (fp, "%s:", tag);
225 tty_fprintf (fp, "%s", text);
229 char *p, *given, *buf = xstrdup (name);
231 given = strstr (buf, "<<");
235 if (given && given[2])
240 print_string (fp, given, strlen (given), ':');
242 print_utf8_string2 (fp, given, strlen (given), '\n');
244 tty_print_utf8_string2 (given, strlen (given), 0);
249 tty_fprintf (fp, " ");
253 print_string (fp, buf, strlen (buf), ':');
255 print_utf8_string2 (fp, buf, strlen (buf), '\n');
257 tty_print_utf8_string2 (buf, strlen (buf), 0);
265 tty_fprintf (fp, _("[not set]"));
271 tty_fprintf (fp, "\n");
274 /* Return true if the SHA1 fingerprint FPR consists only of zeroes. */
276 fpr_is_zero (const char *fpr)
280 for (i=0; i < 20 && !fpr[i]; i++)
286 /* Print all available information about the current card. */
288 card_status (FILE *fp, char *serialno, size_t serialnobuflen)
290 struct agent_card_info_s info;
291 PKT_public_key *pk = xcalloc (1, sizeof *pk);
294 const unsigned char *thefpr;
297 if (serialno && serialnobuflen)
300 rc = agent_learn (&info);
304 fputs ("AID:::\n", fp);
305 log_error (_("OpenPGP card not available: %s\n"),
312 fprintf (fp, "AID:%s:", info.serialno? info.serialno : "");
314 tty_fprintf (fp, "Application ID ...: %s\n",
315 info.serialno? info.serialno : "[none]");
316 if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
317 || strlen (info.serialno) != 32 )
320 fputs ("unknown:\n", fp);
321 log_info ("not an OpenPGP card\n");
322 agent_release_card_info (&info);
329 else if (strlen (serialno)+1 > serialnobuflen)
330 log_error ("serial number longer than expected\n");
332 strcpy (serialno, info.serialno);
335 fputs ("openpgp-card:\n", fp);
340 fprintf (fp, "version:%.4s:\n", info.serialno+12);
341 uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
342 fprintf (fp, "vendor:%04x:%s:\n", uval, get_manufacturer (uval));
343 fprintf (fp, "serial:%.8s:\n", info.serialno+20);
345 print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
349 print_string (fp, info.disp_lang, strlen (info.disp_lang), ':');
352 fprintf (fp, "sex:%c:\n", (info.disp_sex == 1? 'm':
353 info.disp_sex == 2? 'f' : 'u'));
357 print_string (fp, info.pubkey_url, strlen (info.pubkey_url), ':');
360 fputs ("login:", fp);
362 print_string (fp, info.login_data, strlen (info.login_data), ':');
365 fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached);
366 fprintf (fp, "maxpinlen:%d:%d:%d:\n",
367 info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
368 fprintf (fp, "pinretry:%d:%d:%d:\n",
369 info.chvretry[0], info.chvretry[1], info.chvretry[2]);
370 fprintf (fp, "sigcount:%lu:::\n", info.sig_counter);
372 for (i=0; i < 4; i++)
374 if (info.private_do[i])
376 fprintf (fp, "private_do:%d:", i+1);
377 print_string (fp, info.private_do[i],
378 strlen (info.private_do[i]), ':');
383 fputs ("cafpr:", fp);
384 print_sha1_fpr_colon (fp, info.cafpr1valid? info.cafpr1:NULL);
385 print_sha1_fpr_colon (fp, info.cafpr2valid? info.cafpr2:NULL);
386 print_sha1_fpr_colon (fp, info.cafpr3valid? info.cafpr3:NULL);
389 print_sha1_fpr_colon (fp, info.fpr1valid? info.fpr1:NULL);
390 print_sha1_fpr_colon (fp, info.fpr2valid? info.fpr2:NULL);
391 print_sha1_fpr_colon (fp, info.fpr3valid? info.fpr3:NULL);
393 fprintf (fp, "fprtime:%lu:%lu:%lu:\n",
394 (unsigned long)info.fpr1time, (unsigned long)info.fpr2time,
395 (unsigned long)info.fpr3time);
399 tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
400 info.serialno[12] == '0'?"":info.serialno+12,
402 info.serialno[14] == '0'?"":info.serialno+14,
404 tty_fprintf (fp, "Manufacturer .....: %s\n",
405 get_manufacturer (xtoi_2(info.serialno+16)*256
406 + xtoi_2 (info.serialno+18)));
407 tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20);
409 print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
410 print_name (fp, "Language prefs ...: ", info.disp_lang);
411 tty_fprintf (fp, "Sex ..............: %s\n",
412 info.disp_sex == 1? _("male"):
413 info.disp_sex == 2? _("female") : _("unspecified"));
414 print_name (fp, "URL of public key : ", info.pubkey_url);
415 print_name (fp, "Login data .......: ", info.login_data);
416 if (info.private_do[0])
417 print_name (fp, "Private DO 1 .....: ", info.private_do[0]);
418 if (info.private_do[1])
419 print_name (fp, "Private DO 2 .....: ", info.private_do[1]);
420 if (info.private_do[2])
421 print_name (fp, "Private DO 3 .....: ", info.private_do[2]);
422 if (info.private_do[3])
423 print_name (fp, "Private DO 4 .....: ", info.private_do[3]);
424 if (info.cafpr1valid)
426 tty_fprintf (fp, "CA fingerprint %d .:", 1);
427 print_sha1_fpr (fp, info.cafpr1);
429 if (info.cafpr2valid)
431 tty_fprintf (fp, "CA fingerprint %d .:", 2);
432 print_sha1_fpr (fp, info.cafpr2);
434 if (info.cafpr3valid)
436 tty_fprintf (fp, "CA fingerprint %d .:", 3);
437 print_sha1_fpr (fp, info.cafpr3);
439 tty_fprintf (fp, "Signature PIN ....: %s\n",
440 info.chv1_cached? _("not forced"): _("forced"));
441 tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n",
442 info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
443 tty_fprintf (fp, "PIN retry counter : %d %d %d\n",
444 info.chvretry[0], info.chvretry[1], info.chvretry[2]);
445 tty_fprintf (fp, "Signature counter : %lu\n", info.sig_counter);
446 tty_fprintf (fp, "Signature key ....:");
447 print_sha1_fpr (fp, info.fpr1valid? info.fpr1:NULL);
448 if (info.fpr1valid && info.fpr1time)
449 tty_fprintf (fp, " created ....: %s\n",
450 isotimestamp (info.fpr1time));
451 tty_fprintf (fp, "Encryption key....:");
452 print_sha1_fpr (fp, info.fpr2valid? info.fpr2:NULL);
453 if (info.fpr2valid && info.fpr2time)
454 tty_fprintf (fp, " created ....: %s\n",
455 isotimestamp (info.fpr2time));
456 tty_fprintf (fp, "Authentication key:");
457 print_sha1_fpr (fp, info.fpr3valid? info.fpr3:NULL);
458 if (info.fpr3valid && info.fpr3time)
459 tty_fprintf (fp, " created ....: %s\n",
460 isotimestamp (info.fpr3time));
461 tty_fprintf (fp, "General key info..: ");
463 thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 :
464 info.fpr3valid? info.fpr3 : NULL);
465 if ( thefpr && !get_pubkey_byfprint (pk, thefpr, 20))
467 KBNODE keyblock = NULL;
469 print_pubkey_info (fp, pk);
471 if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
472 print_card_key_info (fp, keyblock);
473 else if ( !get_keyblock_byfprint (&keyblock, thefpr, 20) )
475 release_kbnode (keyblock);
478 if (!auto_create_card_key_stub (info.serialno,
479 info.fpr1valid? info.fpr1:NULL,
480 info.fpr2valid? info.fpr2:NULL,
481 info.fpr3valid? info.fpr3:NULL))
483 if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
484 print_card_key_info (fp, keyblock);
488 release_kbnode (keyblock);
491 tty_fprintf (fp, "[none]\n");
494 free_public_key (pk);
495 agent_release_card_info (&info);
500 get_one_name (const char *prompt1, const char *prompt2)
507 name = cpr_get (prompt1, prompt2);
512 for (i=0; name[i] && name[i] >= ' ' && name[i] <= 126; i++)
515 /* The name must be in Latin-1 and not UTF-8 - lacking the code
516 to ensure this we restrict it to ASCII. */
518 tty_printf (_("Error: Only plain ASCII is currently allowed.\n"));
519 else if (strchr (name, '<'))
520 tty_printf (_("Error: The \"<\" character may not be used.\n"));
521 else if (strstr (name, " "))
522 tty_printf (_("Error: Double spaces are not allowed.\n"));
534 char *surname = NULL, *givenname = NULL;
538 surname = get_one_name ("keygen.smartcard.surname",
539 _("Cardholder's surname: "));
540 givenname = get_one_name ("keygen.smartcard.givenname",
541 _("Cardholder's given name: "));
542 if (!surname || !givenname || (!*surname && !*givenname))
546 return -1; /*canceled*/
549 isoname = xmalloc ( strlen (surname) + 2 + strlen (givenname) + 1);
550 strcpy (stpcpy (stpcpy (isoname, surname), "<<"), givenname);
553 for (p=isoname; *p; p++)
557 if (strlen (isoname) > 39 )
559 tty_printf (_("Error: Combined name too long "
560 "(limit is %d characters).\n"), 39);
565 rc = agent_scd_setattr ("DISP-NAME", isoname, strlen (isoname), NULL );
567 log_error ("error setting Name: %s\n", gpg_strerror (rc));
580 url = cpr_get ("cardedit.change_url", _("URL to retrieve public key: "));
586 if (strlen (url) > 254 )
588 tty_printf (_("Error: URL too long "
589 "(limit is %d characters).\n"), 254);
594 rc = agent_scd_setattr ("PUBKEY-URL", url, strlen (url), NULL );
596 log_error ("error setting URL: %s\n", gpg_strerror (rc));
602 /* Fetch the key from the URL given on the card or try to get it from
603 the default keyserver. */
607 #if GNUPG_MAJOR_VERSION == 1
609 struct agent_card_info_s info;
611 memset(&info,0,sizeof(info));
613 rc=agent_scd_getattr("PUBKEY-URL",&info);
615 log_error("error retrieving URL from card: %s\n",gpg_strerror(rc));
618 struct keyserver_spec *spec=NULL;
620 rc=agent_scd_getattr("KEY-FPR",&info);
622 log_error("error retrieving key fingerprint from card: %s\n",
624 else if (info.pubkey_url && *info.pubkey_url)
626 spec=parse_keyserver_uri(info.pubkey_url,1,NULL,0);
627 if(spec && info.fpr1valid)
629 /* This is not perfectly right. Currently, all card
630 fingerprints are 20 digits, but what about
631 fingerprints for a future v5 key? We should get the
632 length from somewhere lower in the code. In any
633 event, the fpr/keyid is not meaningful for straight
634 HTTP fetches, but using it allows the card to point
635 to HKP and LDAP servers as well. */
636 rc=keyserver_import_fprint(info.fpr1,20,spec);
637 free_keyserver_spec(spec);
640 else if (info.fpr1valid)
642 rc = keyserver_import_fprint (info.fpr1, 20, opt.keyserver);
654 change_login (const char *args)
660 if (args && *args == '<') /* Read it from a file */
664 for (args++; spacep (args); args++)
666 fp = fopen (args, "rb");
667 #if GNUPG_MAJOR_VERSION == 1
668 if (fp && is_secured_file (fileno (fp)))
677 tty_printf (_("can't open `%s': %s\n"), args, strerror (errno));
681 data = xmalloc (254);
682 n = fread (data, 1, 254, fp);
686 tty_printf (_("error reading `%s': %s\n"), args, strerror (errno));
693 data = cpr_get ("cardedit.change_login",
694 _("Login data (account name): "));
704 tty_printf (_("Error: Login data too long "
705 "(limit is %d characters).\n"), 254);
710 rc = agent_scd_setattr ("LOGIN-DATA", data, n, NULL );
712 log_error ("error setting login data: %s\n", gpg_strerror (rc));
718 change_private_do (const char *args, int nr)
720 char do_name[] = "PRIVATE-DO-X";
725 assert (nr >= 1 && nr <= 4);
726 do_name[11] = '0' + nr;
728 if (args && (args = strchr (args, '<'))) /* Read it from a file */
732 /* Fixme: Factor this duplicated code out. */
733 for (args++; spacep (args); args++)
735 fp = fopen (args, "rb");
736 #if GNUPG_MAJOR_VERSION == 1
737 if (fp && is_secured_file (fileno (fp)))
746 tty_printf (_("can't open `%s': %s\n"), args, strerror (errno));
750 data = xmalloc (254);
751 n = fread (data, 1, 254, fp);
755 tty_printf (_("error reading `%s': %s\n"), args, strerror (errno));
762 data = cpr_get ("cardedit.change_private_do",
763 _("Private DO data: "));
773 tty_printf (_("Error: Private DO too long "
774 "(limit is %d characters).\n"), 254);
779 rc = agent_scd_setattr (do_name, data, n, NULL );
781 log_error ("error setting private DO: %s\n", gpg_strerror (rc));
792 data = cpr_get ("cardedit.change_lang",
793 _("Language preferences: "));
799 if (strlen (data) > 8 || (strlen (data) & 1))
801 tty_printf (_("Error: invalid length of preference string.\n"));
806 for (p=data; *p && *p >= 'a' && *p <= 'z'; p++)
810 tty_printf (_("Error: invalid characters in preference string.\n"));
815 rc = agent_scd_setattr ("DISP-LANG", data, strlen (data), NULL );
817 log_error ("error setting lang: %s\n", gpg_strerror (rc));
830 data = cpr_get ("cardedit.change_sex",
831 _("Sex ((M)ale, (F)emale or space): "));
839 else if ((*data == 'M' || *data == 'm') && !data[1])
841 else if ((*data == 'F' || *data == 'f') && !data[1])
845 tty_printf (_("Error: invalid response.\n"));
850 rc = agent_scd_setattr ("DISP-SEX", str, 1, NULL );
852 log_error ("error setting sex: %s\n", gpg_strerror (rc));
859 change_cafpr (int fprno)
864 unsigned char fpr[20];
866 data = cpr_get ("cardedit.change_cafpr", _("CA fingerprint: "));
872 for (i=0, s=data; i < 20 && *s; )
889 tty_printf (_("Error: invalid formatted fingerprint.\n"));
893 rc = agent_scd_setattr (fprno==1?"CA-FPR-1":
895 fprno==3?"CA-FPR-3":"x", fpr, 20, NULL );
897 log_error ("error setting cafpr: %s\n", gpg_strerror (rc));
904 toggle_forcesig (void)
906 struct agent_card_info_s info;
910 memset (&info, 0, sizeof info);
911 rc = agent_scd_getattr ("CHV-STATUS", &info);
914 log_error ("error getting current status: %s\n", gpg_strerror (rc));
917 newstate = !info.chv1_cached;
918 agent_release_card_info (&info);
920 rc = agent_scd_setattr ("CHV-STATUS-1", newstate? "\x01":"", 1, NULL);
922 log_error ("error toggling signature PIN flag: %s\n", gpg_strerror (rc));
926 /* Helper for the key generation/edit functions. */
928 get_info_for_key_operation (struct agent_card_info_s *info)
932 memset (info, 0, sizeof *info);
933 rc = agent_scd_getattr ("SERIALNO", info);
934 if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
935 || strlen (info->serialno) != 32 )
937 log_error (_("key operation not possible: %s\n"),
938 rc ? gpg_strerror (rc) : _("not an OpenPGP card"));
941 rc = agent_scd_getattr ("KEY-FPR", info);
943 rc = agent_scd_getattr ("CHV-STATUS", info);
945 rc = agent_scd_getattr ("DISP-NAME", info);
947 log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
952 /* Helper for the key generation/edit functions. */
954 check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
958 agent_clear_pin_cache (info->serialno);
960 *forced_chv1 = !info->chv1_cached;
962 { /* Switch of the forced mode so that during key generation we
963 don't get bothered with PIN queries for each
965 rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1, info->serialno);
968 log_error ("error clearing forced signature PIN flag: %s\n",
976 /* Check the PIN now, so that we won't get asked later for each
977 binding signature. */
978 rc = agent_scd_checkpin (info->serialno);
980 log_error ("error checking the PIN: %s\n", gpg_strerror (rc));
985 /* Helper for the key generation/edit functions. */
987 restore_forced_chv1 (int *forced_chv1)
992 { /* Switch back to forced state. */
993 rc = agent_scd_setattr ("CHV-STATUS-1", "", 1, NULL);
996 log_error ("error setting forced signature PIN flag: %s\n",
1002 #if GNUPG_MAJOR_VERSION == 1
1003 /* Helper for the key generation/edit functions. */
1005 show_card_key_info (struct agent_card_info_s *info)
1007 tty_fprintf (NULL, "Signature key ....:");
1008 print_sha1_fpr (NULL, info->fpr1valid? info->fpr1:NULL);
1009 tty_fprintf (NULL, "Encryption key....:");
1010 print_sha1_fpr (NULL, info->fpr2valid? info->fpr2:NULL);
1011 tty_fprintf (NULL, "Authentication key:");
1012 print_sha1_fpr (NULL, info->fpr3valid? info->fpr3:NULL);
1017 #if GNUPG_MAJOR_VERSION == 1
1018 /* Helper for the key generation/edit functions. */
1020 replace_existing_key_p (struct agent_card_info_s *info, int keyno)
1022 assert (keyno >= 0 && keyno <= 3);
1024 if ((keyno == 1 && info->fpr1valid)
1025 || (keyno == 2 && info->fpr2valid)
1026 || (keyno == 3 && info->fpr3valid))
1029 log_info ("WARNING: such a key has already been stored on the card!\n");
1031 if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_key",
1032 _("Replace existing key? (y/N) ")))
1041 generate_card_keys (const char *serialno)
1043 struct agent_card_info_s info;
1047 if (get_info_for_key_operation (&info))
1050 #if GNUPG_MAJOR_VERSION == 1
1052 char *answer=cpr_get("cardedit.genkeys.backup_enc",
1053 _("Make off-card backup of encryption key? (Y/n) "));
1055 want_backup=answer_is_yes_no_default(answer,1);
1060 want_backup = cpr_get_answer_is_yes
1061 ( "cardedit.genkeys.backup_enc",
1062 _("Make off-card backup of encryption key? (Y/n) "));
1063 /*FIXME: we need answer_is_yes_no_default()*/
1066 if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
1067 || (info.fpr2valid && !fpr_is_zero (info.fpr2))
1068 || (info.fpr3valid && !fpr_is_zero (info.fpr3)))
1071 log_info ("NOTE: keys are already stored on the card!\n");
1073 if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_keys",
1074 _("Replace existing keys? (y/N) ")))
1076 agent_release_card_info (&info);
1080 else if (!info.disp_name || !*info.disp_name)
1083 tty_printf (_("Please note that the factory settings of the PINs are\n"
1084 " PIN = `%s' Admin PIN = `%s'\n"
1085 "You should change them using the command --change-pin\n"),
1086 "123456", "12345678");
1090 if (check_pin_for_key_operation (&info, &forced_chv1))
1093 #if GNUPG_MAJOR_VERSION == 1
1094 generate_keypair (NULL, info.serialno,
1095 want_backup? opt.homedir:NULL);
1097 generate_keypair (NULL, info.serialno);
1101 agent_release_card_info (&info);
1102 restore_forced_chv1 (&forced_chv1);
1106 /* This function is used by the key edit menu to generate an arbitrary
1109 card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
1111 #if GNUPG_MAJOR_VERSION == 1
1112 struct agent_card_info_s info;
1114 int forced_chv1 = 0;
1117 if (get_info_for_key_operation (&info))
1120 show_card_key_info (&info);
1122 tty_printf (_("Please select the type of key to generate:\n"));
1124 tty_printf (_(" (1) Signature key\n"));
1125 tty_printf (_(" (2) Encryption key\n"));
1126 tty_printf (_(" (3) Authentication key\n"));
1130 char *answer = cpr_get ("cardedit.genkeys.subkeytype",
1131 _("Your selection? "));
1133 if (*answer == CONTROL_D)
1138 keyno = *answer? atoi(answer): 0;
1140 if (keyno >= 1 && keyno <= 3)
1142 tty_printf(_("Invalid selection.\n"));
1145 if (replace_existing_key_p (&info, keyno))
1148 if (check_pin_for_key_operation (&info, &forced_chv1))
1151 okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
1152 keyno, info.serialno);
1155 agent_release_card_info (&info);
1156 restore_forced_chv1 (&forced_chv1);
1164 /* Store the key at NODE into the smartcard and modify NODE to
1165 carry the serialno stuff instead of the actual secret key
1166 parameters. USE is the usage for that key; 0 means any
1169 card_store_subkey (KBNODE node, int use)
1171 #if GNUPG_MAJOR_VERSION == 1
1172 struct agent_card_info_s info;
1176 PKT_secret_key *copied_sk = NULL;
1182 assert (node->pkt->pkttype == PKT_SECRET_KEY
1183 || node->pkt->pkttype == PKT_SECRET_SUBKEY);
1184 sk = node->pkt->pkt.secret_key;
1186 if (get_info_for_key_operation (&info))
1189 show_card_key_info (&info);
1191 if (!is_RSA (sk->pubkey_algo) || nbits_from_sk (sk) != 1024 )
1193 tty_printf ("You may only store a 1024 bit RSA key on the card\n");
1198 allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG)));
1199 allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
1200 allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
1202 tty_printf (_("Please select where to store the key:\n"));
1205 tty_printf (_(" (1) Signature key\n"));
1207 tty_printf (_(" (2) Encryption key\n"));
1209 tty_printf (_(" (3) Authentication key\n"));
1213 char *answer = cpr_get ("cardedit.genkeys.storekeytype",
1214 _("Your selection? "));
1216 if (*answer == CONTROL_D || !*answer)
1221 keyno = *answer? atoi(answer): 0;
1223 if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
1225 tty_printf(_("Invalid selection.\n"));
1228 if (replace_existing_key_p (&info, keyno))
1231 /* Unprotect key. */
1232 switch (is_secret_key_protected (sk) )
1234 case 0: /* Not protected. */
1237 log_error (_("unknown key protection algorithm\n"));
1240 if (sk->protect.s2k.mode == 1001)
1242 log_error (_("secret parts of key are not available\n"));
1245 if (sk->protect.s2k.mode == 1002)
1247 log_error (_("secret key already stored on a card\n"));
1250 /* We better copy the key before we unprotect it. */
1251 copied_sk = sk = copy_secret_key (NULL, sk);
1252 rc = check_secret_key (sk, 0);
1257 rc = save_unprotected_key_to_card (sk, keyno);
1261 /* Get back to the maybe protected original secret key. */
1264 free_secret_key (copied_sk);
1267 sk = node->pkt->pkt.secret_key;
1269 /* Get rid of the secret key parameters and store the serial numer. */
1270 n = pubkey_get_nskey (sk->pubkey_algo);
1271 for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
1273 mpi_free (sk->skey[i]);
1276 i = pubkey_get_npkey (sk->pubkey_algo);
1277 sk->skey[i] = mpi_set_opaque (NULL, xstrdup ("dummydata"), 10);
1278 sk->is_protected = 1;
1279 sk->protect.s2k.mode = 1002;
1281 for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
1282 sk->protect.ivlen++, s += 2)
1283 sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
1289 free_secret_key (copied_sk);
1290 agent_release_card_info (&info);
1299 /* Data used by the command parser. This needs to be outside of the
1300 function scope to allow readline based command completion. */
1304 cmdQUIT, cmdADMIN, cmdHELP, cmdLIST, cmdDEBUG, cmdVERIFY,
1305 cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSEX, cmdCAFPR,
1306 cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO,
1318 { "quit" , cmdQUIT , 0, N_("quit this menu")},
1319 { "q" , cmdQUIT , 0, NULL },
1320 { "admin" , cmdADMIN , 0, N_("show admin commands")},
1321 { "help" , cmdHELP , 0, N_("show this help")},
1322 { "?" , cmdHELP , 0, NULL },
1323 { "list" , cmdLIST , 0, N_("list all available data")},
1324 { "l" , cmdLIST , 0, NULL },
1325 { "debug" , cmdDEBUG , 0, NULL },
1326 { "name" , cmdNAME , 1, N_("change card holder's name")},
1327 { "url" , cmdURL , 1, N_("change URL to retrieve key")},
1328 { "fetch" , cmdFETCH , 0, N_("fetch the key specified in the card URL")},
1329 { "login" , cmdLOGIN , 1, N_("change the login name")},
1330 { "lang" , cmdLANG , 1, N_("change the language preferences")},
1331 { "sex" , cmdSEX , 1, N_("change card holder's sex")},
1332 { "cafpr" , cmdCAFPR , 1, N_("change a CA fingerprint")},
1333 { "forcesig", cmdFORCESIG, 1, N_("toggle the signature force PIN flag")},
1334 { "generate", cmdGENERATE, 1, N_("generate new keys")},
1335 { "passwd" , cmdPASSWD, 0, N_("menu to change or unblock the PIN")},
1336 { "verify" , cmdVERIFY, 0, N_("verify the PIN and list all data")},
1337 /* Note, that we do not announce this command yet. */
1338 { "privatedo", cmdPRIVATEDO, 0, NULL },
1339 { NULL, cmdINVCMD, 0, NULL }
1343 #if GNUPG_MAJOR_VERSION == 1 && defined (HAVE_LIBREADLINE)
1345 /* These two functions are used by readline for command completion. */
1348 command_generator(const char *text,int state)
1350 static int list_index,len;
1353 /* If this is a new word to complete, initialize now. This includes
1354 saving the length of TEXT for efficiency, and initializing the
1355 index variable to 0. */
1362 /* Return the next partial match */
1363 while((name=cmds[list_index].name))
1365 /* Only complete commands that have help text */
1366 if(cmds[list_index++].desc && strncmp(name,text,len)==0)
1367 return strdup(name);
1374 card_edit_completion(const char *text, int start, int end)
1376 /* If we are at the start of a line, we try and command-complete.
1377 If not, just do nothing for now. */
1380 return rl_completion_matches(text,command_generator);
1382 rl_attempted_completion_over=1;
1386 #endif /* GNUPG_MAJOR_VERSION == 1 && HAVE_LIBREADLINE */
1388 /* Menu to edit all user changeable values on an OpenPGP card. Only
1389 Key creation is not handled here. */
1391 card_edit (STRLIST commands)
1393 enum cmdids cmd = cmdNOP;
1394 int have_commands = !!commands;
1396 char *answer = NULL;
1397 int did_checkpin = 0, allow_admin=0;
1398 char serialnobuf[50];
1401 if (opt.command_fd != -1)
1403 else if (opt.batch && !have_commands)
1405 log_error(_("can't do this in batch mode\n"));
1412 const char *arg_string = "";
1420 if (opt.with_colons)
1422 card_status (stdout, serialnobuf, DIM (serialnobuf));
1427 card_status (NULL, serialnobuf, DIM (serialnobuf));
1440 answer = xstrdup (commands->d);
1441 commands = commands->next;
1445 answer = xstrdup ("quit");
1453 #if GNUPG_MAJOR_VERSION == 1
1454 tty_enable_completion (card_edit_completion);
1456 answer = cpr_get_no_help("cardedit.prompt", _("Command> "));
1458 #if GNUPG_MAJOR_VERSION == 1
1459 tty_disable_completion ();
1462 trim_spaces(answer);
1464 while ( *answer == '#' );
1466 arg_number = 0; /* Yes, here is the init which egcc complains about */
1469 cmd = cmdLIST; /* Default to the list command */
1470 else if (*answer == CONTROL_D)
1474 if ((p=strchr (answer,' ')))
1477 trim_spaces (answer);
1479 arg_number = atoi(p);
1483 for (i=0; cmds[i].name; i++ )
1484 if (!ascii_strcasecmp (answer, cmds[i].name ))
1488 cmd_admin_only = cmds[i].admin_only;
1491 if (!allow_admin && cmd_admin_only)
1494 tty_printf (_("Admin-only command\n"));
1501 for (i=0; cmds[i].name; i++ )
1503 && (!cmds[i].admin_only || (cmds[i].admin_only && allow_admin)))
1504 tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
1508 if ( !strcmp (arg_string, "on") )
1510 else if ( !strcmp (arg_string, "off") )
1512 else if ( !strcmp (arg_string, "verify") )
1514 /* Force verification of the Admin Command. However,
1515 this is only done if the retry counter is at initial
1517 char *tmp = xmalloc (strlen (serialnobuf) + 6 + 1);
1518 strcpy (stpcpy (tmp, serialnobuf), "[CHV3]");
1519 allow_admin = !agent_scd_checkpin (tmp);
1523 allow_admin=!allow_admin;
1525 tty_printf(_("Admin commands are allowed\n"));
1527 tty_printf(_("Admin commands are not allowed\n"));
1531 agent_scd_checkpin (serialnobuf);
1552 change_login (arg_string);
1564 if ( arg_number < 1 || arg_number > 3 )
1565 tty_printf ("usage: cafpr N\n"
1568 change_cafpr (arg_number);
1572 if ( arg_number < 1 || arg_number > 4 )
1573 tty_printf ("usage: privatedo N\n"
1576 change_private_do (arg_string, arg_number);
1584 generate_card_keys (serialnobuf);
1588 change_pin (0, allow_admin);
1589 did_checkpin = 0; /* Need to reset it of course. */
1601 tty_printf (_("Invalid command (try \"help\")\n"));
1603 } /* End command switch. */
1604 } /* End of main menu loop. */
projects / gnupg.git / blob