pkcs15init-openpgp: Support for private key import in pkcs15init.
Example command: pkcs15-init --delete-objects privkey,pubkey --id 3 --store-private-key quan-key.pem --auth-id 3 --verify-pin --extractable --id 3

pkcs15init-OpenPGP: Some parts in openpgp.profile are not used.
This commit is contained in:
parent
7123638454
commit
b67063dcd8
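--- a/openpgp.profile
+++ b/openpgp.profile
@@ -18,7 +18,7 @@ option default {
 so-pin-flags = local, initialized, soPin;
 so-min-pin-length = 8;
 so-pin-attempts = 3;
-so-auth-id = FF;
+so-auth-id = 3;
 odf-size = 256;
 aodf-size = 256;
 cdf-size = 512;
@@ -90,38 +90,7 @@ filesystem {
 # this is present
 EF private-key {
 file-id = 5F48;
-ACL = *=NEVER, CRYPTO=$PIN, UPDATE=$PIN;
-}
-
-# public keys
-EF public-key {
-file-id = 7F49;
-structure = transparent;
-ACL = *=NEVER,
-READ=NONE,
-UPDATE=$PIN,
-ERASE=$PIN;
-}
-
-# Certificate template
-EF certificate {
-file-id = 7F21;
-structure = transparent;
-ACL = *=NEVER,
-READ=NONE,
-UPDATE=CHV3,
-WRITE=CHV3,
-DELETE=CHV3;
-}
-
-# private data objects are stored in transparent EFs.
-EF privdata {
-file-id = 0101;
-structure = transparent;
-ACL = *=NEVER,
-READ=$PIN,
-UPDATE=$PIN,
-ERASE=$PIN;
-}
+ACL = *=NEVER, CRYPTO=$PIN, UPDATE=CHV3;
 }
 }
 }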
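Review bot: The private-key ACL now hard-codes `UPDATE=CHV3` while `CRYPTO=$PIN` is still resolved from the key object's auth-id, and `so-auth-id` moves from `FF` to `3` in the same commit, with nothing in the profile saying why the two references differ. A one-line comment above the ACL, `# key import (UPDATE) always needs the OpenPGP admin PIN (CHV3), whatever auth-id the key object carries`, would record the intent for the next person editing the file. The second hunk also removes the public-key, certificate and privdata templates outright; if pkcs15-init's public-key or certificate store paths are still reachable for this card, they presumably now fail for lack of a template, which deserves a sentence in the commit message or a comment left in place of the removed blocks.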
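--- a/PATH_PLACEHOLDER_pkcs15init_openpgp.c
+++ b/PATH_PLACEHOLDER_pkcs15init_openpgp.c
@@ -95,7 +95,12 @@ static int openpgp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
 static int openpgp_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
 sc_pkcs15_object_t *obj)
 {
-return SC_ERROR_NOT_SUPPORTED;
+/* For OpenPGP card, the number of keys is fixed,
+* so this function does not really do anything.
+* It just present here to avoid pkcs15init's default routine,
+* which tries to do impossible things. */
+LOG_FUNC_CALLED(p15card->card->ctx);
+LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
 }
 
 /**
@@ -109,7 +114,32 @@ static int openpgp_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
 static int openpgp_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
 sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key)
 {
-return SC_ERROR_NOT_SUPPORTED;
+sc_card_t *card = p15card->card;
+sc_pkcs15_prkey_info_t *kinfo = (sc_pkcs15_prkey_info_t *) obj->data;
+struct sc_pkcs15_prkey_rsa *rsa = &(key->u.rsa);
+sc_cardctl_openpgp_keystore_info_t key_info;
+int r;
+
+LOG_FUNC_CALLED(card->ctx);
+
+if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
+sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "only RSA is currently supported");
+return SC_ERROR_NOT_SUPPORTED;
+}
+
+memset(&key_info, 0, sizeof(sc_cardctl_openpgp_keystore_info_t));
+key_info.keytype = kinfo->id.value[0];
+key_info.e = rsa->exponent.data;
+key_info.e_len = rsa->exponent.len;
+key_info.p = rsa->p.data;
+key_info.p_len = rsa->p.len;
+key_info.q = rsa->q.data;
+key_info.q_len = rsa->q.len;
+key_info.n = rsa->modulus.data;
+key_info.n_len = rsa->modulus.len;
+r = sc_card_ctl(card, SC_CARDCTL_OPENPGP_STORE_KEY, &key_info);
+
+LOG_FUNC_RETURN(card->ctx, r);
 }
 
 /**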
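Review bot: In openpgp_store_key, `key_info.keytype = kinfo->id.value[0];` takes the card key slot straight from the first byte of the PKCS#15 object ID without checking that `kinfo->id.len` is at least 1 or that the byte names one of the card's key slots (the example command uses `--id 3`), so a malformed or unexpected ID reaches `sc_card_ctl` as an arbitrary keytype and the only remaining guard is whatever the card driver does with it. A check before the memset, `if (kinfo->id.len < 1) LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);`, plus a range check against the slots the OpenPGP driver accepts, would reject that input here with a clear error. The same function tests `obj->type` but then reads `key->u.rsa` unconditionally; the prkey's own algorithm field is the value that says whether the union holds RSA material, and the two can presumably disagree, so it is worth checking as well. Finally, the non-RSA branch returns with a bare `return SC_ERROR_NOT_SUPPORTED;` after `LOG_FUNC_CALLED`, unlike the function's other exit; `LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);` keeps the call/return log pairing consistent.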