Home GnuPG
Diffusion GnuPG 54c56230e305

sm: Fix certificate creation with key on card.

Description

sm: Fix certificate creation with key on card.

* sm/certreqgen.c (create_request): Fix for certmode.

When using an existing key from a card for certificate signing (in
contrast to the default of generating a CSR), the code tried to use
the same key for signing instead of the Signing-Key parameter. It is
perfectly okay to use the regular signing path via gpg-agent for
certificate creation - only self-signed certificates with a key on the
card require the direct use of the card key (via "SCD PKSIGN").

(cherry picked from commit c1000c673814e552923cf1361346d7dfeee55608)

  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on Feb 21 2019, 5:32 PM
Parents
rG0a95b153811f: agent: Fix for suggested Libgcrypt use.
Branches
Unknown
Tags
Unknown