open-keychain/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/KeyType.java
Vincent Breitmoser 778fb8e94a Retain RSA key format when setting key attributes in putKey operation
For the put secret key operation, OpenPGP applet implementations differ
in their handling of attributes:

- There are four formats for sending key data: standard, standard with
  modulus, with crt, and with crt and modulus.
- The key attributes (modulus length, public exponent length, key
  format) cannot be changed on all cards. Changing them is only
  necessary for cards that support different key lengths (that is,
  RSA 4096).
- On the cards where they *can* be changed, not all parameters might be
  changeable. In particular, modulus length may be changeable but not
  key format.

Because of this constellation, the put key operation now only sets the
modulus of the key, while retaining the key format. At the time of
writing, the Gnuk and Nitrokey use the standard format, while the
Yubikey and other applets use crt+modulus.

This fixes loading keys into the Nitrokey Pro, and partially for the
Gnuk token.
2017-10-30 21:45:38 +01:00

72 lines
2.1 KiB
Java

/*
 * Copyright (C) 2016 Nikita Mikhailov <nikita.s.mikhailov@gmail.com>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

package org.sufficientlysecure.keychain.securitytoken;

import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;

/**
 * The three key slots of an OpenPGP card. Each constant carries, in order:
 * the slot index, the control reference template tag that selects the key,
 * and the data object tags for its generation timestamp, its fingerprint
 * and its algorithm attributes.
 */
public enum KeyType {
    SIGN(0, 0xB6, 0xCE, 0xC7, 0xC1),
    ENCRYPT(1, 0xB8, 0xCF, 0xC8, 0xC2),
    AUTH(2, 0xA4, 0xD0, 0xC9, 0xC3);

    private final int mIdx;
    private final int mSlot;
    private final int mTimestampObjectId;
    private final int mFingerprintObjectId;
    private final int mAlgoAttributeSlot;

    KeyType(int idx, int slot, int timestampObjectId, int fingerprintObjectId, int algoAttributeSlot) {
        this.mIdx = idx;
        this.mSlot = slot;
        this.mTimestampObjectId = timestampObjectId;
        this.mFingerprintObjectId = fingerprintObjectId;
        this.mAlgoAttributeSlot = algoAttributeSlot;
    }

    /**
     * Maps a secret key to a card slot by capability. Signing or certifying
     * takes precedence over encryption, which takes precedence over
     * authentication. Returns null if the key has none of these
     * capabilities, so callers must check the result before using it.
     */
    public static KeyType from(final CanonicalizedSecretKey key) {
        if (key.canSign() || key.canCertify()) {
            return SIGN;
        } else if (key.canEncrypt()) {
            return ENCRYPT;
        } else if (key.canAuthenticate()) {
            return AUTH;
        }
        return null;
    }

    public int getIdx() {
        return mIdx;
    }

    public int getSlot() {
        return mSlot;
    }

    public int getTimestampObjectId() {
        return mTimestampObjectId;
    }

    public int getFingerprintObjectId() {
        return mFingerprintObjectId;
    }

    public int getAlgoAttributeSlot() {
        return mAlgoAttributeSlot;
    }
}
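
The commit message above describes changing only the modulus length while retaining the key format. The following sketch of that update is an added example, not OpenKeychain's own code: the class and method names are hypothetical, the sample bytes are constructed, and the six-byte RSA attribute layout (algorithm id, modulus bits, public exponent bits, import format) is assumed from the OpenPGP card specification.

```java
import java.util.Arrays;

// Added illustration, not OpenKeychain code; class and method names are hypothetical.
public class RsaAttributesExample {
    static final int ALGO_RSA = 0x01;
    // Import format byte values 0..3, in the order the commit message lists the formats.
    static final String[] FORMATS = {"standard", "standard with modulus", "crt", "crt with modulus"};

    /** Returns a copy of the card's current RSA attributes with only the modulus length replaced. */
    static byte[] withModulusLength(byte[] current, int modulusBits) {
        if (current == null || current.length != 6 || (current[0] & 0xFF) != ALGO_RSA) {
            throw new IllegalArgumentException("not a 6-byte RSA algorithm attributes object");
        }
        if ((current[5] & 0xFF) >= FORMATS.length) {
            throw new IllegalArgumentException("unknown key import format");
        }
        if (modulusBits <= 0 || modulusBits > 0xFFFF) {
            throw new IllegalArgumentException("modulus length does not fit in two bytes");
        }
        byte[] updated = Arrays.copyOf(current, current.length);
        updated[1] = (byte) (modulusBits >> 8);   // modulus length in bits, big-endian
        updated[2] = (byte) modulusBits;
        // Bytes 3-4 (public exponent length) and byte 5 (import format) stay as the card reported them.
        return updated;
    }

    /** Human-readable summary of a 6-byte RSA attributes object. */
    static String describe(byte[] attrs) {
        int modulus = ((attrs[1] & 0xFF) << 8) | (attrs[2] & 0xFF);
        int exponent = ((attrs[3] & 0xFF) << 8) | (attrs[4] & 0xFF);
        return "RSA " + modulus + ", e length " + exponent + " bits, format: " + FORMATS[attrs[5] & 0xFF];
    }

    public static void main(String[] args) {
        // Constructed sample values, as they might be read from an algorithm attributes slot (0xC1..0xC3).
        byte[] standardCard = {0x01, 0x08, 0x00, 0x00, 0x20, 0x00};    // RSA 2048, standard
        byte[] crtModulusCard = {0x01, 0x08, 0x00, 0x00, 0x20, 0x03};  // RSA 2048, crt with modulus
        for (byte[] current : new byte[][] {standardCard, crtModulusCard}) {
            byte[] updated = withModulusLength(current, 4096);
            System.out.println(describe(current) + "  ->  " + describe(updated));
        }
    }
}
```

Because the format byte is copied from what the card reported rather than set by the host, the key data that follows must be encoded in that same format.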