Diffusion GnuPG 3b69d8bf7146

gpg: Fix leftover unprotected card backup key.
3b69d8bf7146
Actions

Tags

None

Subscribers

None

Description

gpg: Fix leftover unprotected card backup key.

* agent/command.c (cmd_learn): Add option --reallyforce.
* agent/findkey.c (agent_write_private_key): Implement reallyforce.
Also add arg reallyforce and pass it along the call chain.
* g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a
special force value.
* g10/keygen.c (card_store_key_with_backup): Use that force value.

This was a regression in 2.2.42. We took the easy path to fix it by
getting the behaviour back to what we did prior to 2.2.42. With GnuPG
2.4.4 we use an entire different and safer approach by introducing an
ephemeral private key store.

GnuPG-bug-id: T6944

Details

Provenance

Authored on Jan 24 2024, 11:29 AM

Parents

rG9938e8d3f4a3: common: Fix unused variable warning on Unix.

Branches

Unknown

Tags

Unknown

Tasks

T6944: The default card key generation keeps an unprotected backup of the encryption key on disk

Event Timeline

• werner committed rG3b69d8bf7146: gpg: Fix leftover unprotected card backup key. (authored by • werner).Jan 24 2024, 11:45 AM

• werner added a task: T6944: The default card key generation keeps an unprotected backup of the encryption key on disk.

Changes (10)

Path

Size

agent/

g10/

rG3b69d8bf7146

agent/agent.h

Loading...

agent/command-ssh.c

Loading...

agent/command.c

Loading...

agent/cvt-openpgp.c

Loading...

agent/findkey.c

Loading...

agent/genkey.c

Loading...

agent/learncard.c

Loading...

agent/protect-tool.c

Loading...

g10/call-agent.c

Loading...

g10/keygen.c

Loading...