scd:piv: Implement import of private keys for Yubikeys.
author Werner Koch <wk@gnupg.org>
Tue, 5 Mar 2019 14:49:20 +0000 (15:49 +0100)
committer Werner Koch <wk@gnupg.org>
Tue, 5 Mar 2019 14:49:20 +0000 (15:49 +0100)
commit e897e1e255ef9870dfd1639d6f4e97bdf4e83b34
tree 5571c7633161ca25697fa7222ea8ec64f50091ce
parent db87132b10664718b7db6ec1dad584b54d1fb265
scd:piv: Implement import of private keys for Yubikeys.

* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust callers.
(writekey_rsa, writekey_ecc): New.
(do_writekey): New.
(do_writecert): Provide a better error message for an empty cert.
(app_select_piv): Register do_writekey.
* scd/iso7816.c (iso7816_send_apdu): New.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
* agent/command.c (cmd_keytocard): Make the timestamp optional.
* tools/card-call-scd.c (inq_writekey_parms): Remove.
(scd_writekey): Rewrite.
* tools/gpg-card.c (cmd_writekey): New.
(enum cmdids): Add cmdWRITEKEY.
(dispatch_command, interactive_loop): Call cmd_writekey.
--

This has been tested with gpgsm and RSA keys.  For ECC keys it has only
been partly tested, using the sample OpenPGP nistp256 and nistp384 keys,
because gpgsm does not yet support ECC certificates and thus we can't
write the certificates to the cert object after a writekey.  Note that
they nevertheless show up in "gpgcard list" because gpg-card searches
for them in gpg and gpgsm.  However, this does not work completely.

Signed-off-by: Werner Koch <wk@gnupg.org>
agent/call-scd.c
agent/command.c
scd/app-common.h
scd/app-piv.c
scd/iso7816.c
scd/iso7816.h
tools/card-call-scd.c
tools/gpg-card.c
tools/gpg-card.h
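The ChangeLog entry above gives concat_tlv_list a 'secure' argument because the writekey path concatenates private-key parts into one TLV buffer before sending it to the card, and that buffer should live in wiped memory rather than ordinary heap. The following C program is an added illustration of that pattern; it is not GnuPG's concat_tlv_list or iso7816_send_apdu, and every name in it (tlv_item, concat_tlv_items, tlv_find, release_buffer) is invented for the example. It builds a BER-TLV list with ISO 7816-4 style length encoding, selects a stand-in "secure" allocator that zeroes the buffer on release, and shows the bounds-checked lookup a reader of such buffers needs so that a length field pointing past the end of the data is rejected. The sample tags and values are constructed, not real key material.

```c
/* Added illustration (not GnuPG code): concatenating BER-TLV items into
   one buffer, with a SECURE flag selecting wiped memory for private-key
   parts, plus a bounds-checked lookup for the reverse direction.  All
   names are invented for this example; sample values are constructed. */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

struct tlv_item
{
  unsigned char tag;            /* single-byte tag */
  const unsigned char *value;
  size_t valuelen;
};

/* Size of the BER length field for LEN bytes (ISO 7816-4 style). */
static size_t tlv_length_size (size_t len)
{
  if (len < 0x80) return 1;
  if (len <= 0xff) return 2;
  if (len <= 0xffff) return 3;
  return 4;                     /* 0x83 + three bytes, up to 0xffffff */
}

/* Encode LEN at P (short form or 0x8n + n big-endian bytes); returns bytes written. */
static size_t tlv_put_length (unsigned char *p, size_t len)
{
  size_t n = tlv_length_size (len), i;
  if (n == 1)
    { p[0] = (unsigned char)len; return 1; }
  p[0] = (unsigned char)(0x80 | (n - 1));
  for (i = 1; i < n; i++)
    p[i] = (unsigned char)(len >> (8 * (n - 1 - i)));
  return n;
}

/* Stand-in for a secure-memory allocator (Libgcrypt offers
   gcry_malloc_secure); here plain malloc, wiped before release. */
static unsigned char *secure_alloc (size_t n) { return malloc (n ? n : 1); }

static void release_buffer (unsigned char *p, size_t n, int secure)
{
  if (!p) return;
  if (secure)
    {
      volatile unsigned char *v = p;   /* volatile keeps the wipe from being optimized away */
      while (n--) *v++ = 0;
    }
  free (p);
}

/* Concatenate NITEMS items into one TLV buffer; with SECURE set the result
   comes from the (stand-in) secure allocator.  Returns NULL on error. */
static unsigned char *concat_tlv_items (const struct tlv_item *items, size_t nitems,
                                        int secure, size_t *r_len)
{
  size_t total = 0, off = 0, i;
  unsigned char *buf;

  for (i = 0; i < nitems; i++)
    {
      if (!items[i].value && items[i].valuelen) return NULL;
      total += 1 + tlv_length_size (items[i].valuelen) + items[i].valuelen;
    }
  buf = secure ? secure_alloc (total) : malloc (total ? total : 1);
  if (!buf) return NULL;
  for (i = 0; i < nitems; i++)
    {
      buf[off++] = items[i].tag;
      off += tlv_put_length (buf + off, items[i].valuelen);
      if (items[i].valuelen) memcpy (buf + off, items[i].value, items[i].valuelen);
      off += items[i].valuelen;
    }
  *r_len = off;
  return buf;
}

/* Find TAG in BUF; returns its value pointer and length, or NULL if absent
   or if any length field claims more bytes than BUF holds. */
static const unsigned char *tlv_find (const unsigned char *buf, size_t buflen,
                                      unsigned char tag, size_t *r_vlen)
{
  size_t off = 0;
  while (off < buflen)
    {
      unsigned char t = buf[off++];
      size_t len = 0, n;
      if (off >= buflen) return NULL;
      if (buf[off] < 0x80)
        len = buf[off++];
      else
        {
          n = buf[off++] & 0x7f;
          if (n == 0 || n > 3 || n > buflen - off) return NULL;
          while (n--) len = (len << 8) | buf[off++];
        }
      if (len > buflen - off) return NULL;   /* truncated value: reject */
      if (t == tag) { *r_vlen = len; return buf + off; }
      off += len;
    }
  return NULL;
}

/* Build a constructed two-part sample, look both parts up again and return
   the encoded length (208 = (1+1+3) + (1+2+200)), or 0 on any mismatch. */
static size_t sample_roundtrip (void)
{
  static const unsigned char part_a[3] = { 0xaa, 0xbb, 0xcc };
  unsigned char part_b[200];
  struct tlv_item items[2];
  unsigned char *buf;
  const unsigned char *v;
  size_t len, vlen, ok = 0;

  memset (part_b, 0x5a, sizeof part_b);
  items[0].tag = 0x01; items[0].value = part_a; items[0].valuelen = sizeof part_a;
  items[1].tag = 0x02; items[1].value = part_b; items[1].valuelen = sizeof part_b;

  buf = concat_tlv_items (items, 2, 1, &len);
  if (!buf) return 0;
  v = tlv_find (buf, len, 0x02, &vlen);
  if (v && vlen == 200 && !memcmp (v, part_b, 200) && buf[6] == 0x81 && buf[7] == 0xc8)
    {
      v = tlv_find (buf, len, 0x01, &vlen);
      if (v && vlen == 3 && !memcmp (v, part_a, 3))
        ok = len;
    }
  release_buffer (buf, len, 1);
  return ok;
}

/* A length field of 200 with only one byte following must be rejected. */
static int truncated_is_rejected (void)
{
  static const unsigned char bad[4] = { 0x02, 0x81, 0xc8, 0x00 };
  size_t vlen;
  return tlv_find (bad, sizeof bad, 0x02, &vlen) == NULL;
}

int main (void)
{
  printf ("sample encoded length: %zu\n", sample_roundtrip ());
  printf ("truncated input rejected: %s\n", truncated_is_rejected () ? "yes" : "no");
  return 0;
}
```

The two halves are deliberately asymmetric: the writer only needs correct length encoding, but the reader must treat every length field as untrusted input, since a card response or a stored object can claim a value longer than the buffer actually holds.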