Encryption and Signature Subkeys on Card

Joachim Breitner mail at joachim-breitner.de
Tue Jul 13 21:14:49 CEST 2004


finally I arrived where I want to be. I hacked a little bit on gnupg
(v1.3.6) and now I can create subkeys for my already existing key on a
gnupg card and can remove all private keys from my disk (my current
primay key would be saved on a offline medium or computer).

To do this, I had to change a bit of the code. Unified diff appended.
 * in genkey.c I added the function generate_card_subkeypair, using
generate_subkeypair as a template. The most relevant lines of code are:

    algo = ask_algo( 2, &use ); // extra addmode for subkey on card
    expire = ask_expire_interval(0);
    if( !cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
                                                  _("Really create? ") ) )
        goto leave;

    if( passphrase ) {

      // set the serialno in "para"
      para = xcalloc(1,sizeof *para + strlen(info.serialno));
      para->key = pSERIALNO;
      strcpy(para->u.value, info.serialno);

      rc = gen_card_key (1, algo,
                         use == PUBKEY_USAGE_SIG ? 1 : 2,
                         pub_keyblock, sec_keyblock, expire, para);

As you can see, I added a new parameter to gen_card_key (the first one)
to tell the function to create a subkey. (The current magic - encryption
key is alway primary key - did not work here).
I also had to define a new addmode (2) for ask_algo, since only 4 and 5
are valid options here.

 * In keyedit.c I added the command addcardkey to do this stuff. Note
that you have to call gpg with --allow-admin to create keys on the card.

 * In keyedit.c I also made sure that if you set a password for a key,
it is not set for any subkeys with special mode 1002 (which seems to
mean "key is on card").

Please have a look at the code and comment it, and use it if you with.
I'd really like to see this feature in a release soon :-)

Joachim "nomeata" Breitner
  mail: mail at joachim-breitner.de | ICQ# 74513189 | GPG-Key: 4743206C
  JID: joachimbreitner at amessage.de | http://www.joachim-breitner.de/
  Debian Developer: nomeata at debian.org
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff-subkeys-on-card.diff
Type: text/x-patch
Size: 10190 bytes
Desc: not available
Url : /pipermail/attachments/20040713/129f1def/diff-subkeys-on-card-0001.bin

More information about the Gnupg-devel mailing list