pkcs15init-openpgp: Support for private key import in pkcs15init.
Example command: pkcs15-init --delete-objects privkey,pubkey --id 3 --store-private-key quan-key.pem --auth-id 3 --verify-pin --extractable --id 3. pkcs15init-OpenPGP: Some parts in openpgp.profile are not used.
This commit is contained in:
parent
7123638454
commit
b67063dcd8
@ -18,7 +18,7 @@ option default {
so-pin-flags = local, initialized, soPin;
so-min-pin-length = 8;
so-pin-attempts = 3;
so-auth-id = FF;
so-auth-id = 3;
odf-size = 256;
aodf-size = 256;
cdf-size = 512;
@ -90,38 +90,7 @@ filesystem {
# this is present
EF private-key {
file-id = 5F48;
ACL = *=NEVER, CRYPTO=$PIN, UPDATE=$PIN;
}
# public keys
EF public-key {
file-id = 7F49;
structure = transparent;
ACL = *=NEVER,
READ=NONE,
UPDATE=$PIN,
ERASE=$PIN;
}
# Certificate template
EF certificate {
file-id = 7F21;
structure = transparent;
ACL = *=NEVER,
READ=NONE,
UPDATE=CHV3,
WRITE=CHV3,
DELETE=CHV3;
}
# private data objects are stored in transparent EFs.
EF privdata {
file-id = 0101;
structure = transparent;
ACL = *=NEVER,
READ=$PIN,
UPDATE=$PIN,
ERASE=$PIN;
ACL = *=NEVER, CRYPTO=$PIN, UPDATE=CHV3;
}
}
}
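Review bot: The ACL that survives at `ACL = *=NEVER, CRYPTO=$PIN, UPDATE=CHV3;` mixes the profile variable `$PIN` with the literal `CHV3`, while the deleted `EF private-key` template used `UPDATE=$PIN`, and nothing in the profile records why overwriting a key now needs a different reference than using it. Since this hunk removes the per-EF templates the commit message calls unused, a one-line comment above that ACL, e.g. `# CRYPTO is gated by the user PIN ($PIN); importing or replacing a key requires CHV3 (presumably the admin PIN — confirm)`, would keep the intent readable. The `so-auth-id = 3` change in the first hunk pairs with the `--auth-id 3` of the example command but is likewise unexplained. The enclosing `filesystem {` block and the `option default {` block both begin outside their hunks.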
@ -95,7 +95,12 @@ static int openpgp_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
static int openpgp_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj)
{
return SC_ERROR_NOT_SUPPORTED;
/* For OpenPGP card, the number of keys is fixed,
* so this function does not really do anything.
* It just present here to avoid pkcs15init's default routine,
* which tries to do impossible things. */
LOG_FUNC_CALLED(p15card->card->ctx);
LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
}
/**
@ -109,7 +114,32 @@ static int openpgp_create_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
static int openpgp_store_key(sc_profile_t *profile, sc_pkcs15_card_t *p15card,
sc_pkcs15_object_t *obj, sc_pkcs15_prkey_t *key)
{
sc_card_t *card = p15card->card;
sc_pkcs15_prkey_info_t *kinfo = (sc_pkcs15_prkey_info_t *) obj->data;
struct sc_pkcs15_prkey_rsa *rsa = &(key->u.rsa);
sc_cardctl_openpgp_keystore_info_t key_info;
int r;
LOG_FUNC_CALLED(card->ctx);
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "only RSA is currently supported");
return SC_ERROR_NOT_SUPPORTED;
}
memset(&key_info, 0, sizeof(sc_cardctl_openpgp_keystore_info_t));
key_info.keytype = kinfo->id.value[0];
key_info.e = rsa->exponent.data;
key_info.e_len = rsa->exponent.len;
key_info.p = rsa->p.data;
key_info.p_len = rsa->p.len;
key_info.q = rsa->q.data;
key_info.q_len = rsa->q.len;
key_info.n = rsa->modulus.data;
key_info.n_len = rsa->modulus.len;
r = sc_card_ctl(card, SC_CARDCTL_OPENPGP_STORE_KEY, &key_info);
LOG_FUNC_RETURN(card->ctx, r);
}
/**
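Review bot: `key_info.keytype = kinfo->id.value[0];` in openpgp_store_key reads the first byte of the object id without checking `kinfo->id.len`, so an object stored with an empty id hands an unset byte to the card as the key slot; add `if (kinfo->id.len < 1) LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);` before it, and consider bounding the value to the slots the card layer accepts rather than relying on the driver to reject it. In the same function the non-RSA branch does `return SC_ERROR_NOT_SUPPORTED;` after `LOG_FUNC_CALLED(card->ctx);`, unlike the `LOG_FUNC_RETURN(card->ctx, r);` at the end, so that exit is missing from the call trace; `LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);` keeps entry and exit paired. The e/p/q/n fields are passed through as raw pointers with no NULL or zero-length check, which is presumably left to the SC_CARDCTL_OPENPGP_STORE_KEY handler; a comment on the `memset` line saying that the card driver validates the component lengths would make that contract explicit.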