gnupg 1.4 decryption with smartcard for anonymous recipient

Werner Koch wk at gnupg.org
Fri May 30 19:27:22 CEST 2014


On Fri, 30 May 2014 15:21, gniibe at fsij.org said:

> Looking 2.0, here is a possible fix in 1.4.  It works for me, (with
> git-remote-gcrypt).

I would suggest to make it more explicit.  Best would be to detect the
try-all-secret case and suppress the error message.  Something like this
(not at all tested):

diff --git a/g10/cardglue.c b/g10/cardglue.c
index 809b315..993b6c8 100644
--- a/g10/cardglue.c
+++ b/g10/cardglue.c
@@ -357,15 +357,21 @@ agent_release_card_info (struct agent_card_info_s *info)
 /* Print an error message for a failed assuan_transact and return a
    gpg error code. No error is printed if RC is 0. */
 static gpg_error_t
-test_transact (int rc, const char *command)
+test_transact2 (int rc, const char *command, int silent)
 {
   if (!rc)
     return 0;
+  if (!silent)
   log_error ("sending command `%s' to agent failed: %s\n",
              command, assuan_strerror (rc));
   return gpg_error (GPG_ERR_CARD);
 }
 
+static gpg_error_t
+test_transact (int rc, const char *command)
+{
+  return test_transact2 (rc, command, 0);
+}
 
 /* Try to open a card using an already running agent.  Prepare a
    proper application context and return it. */
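Review bot: The added `if (!silent)` in test_transact2 guards the two-line log_error call without re-indenting it, so the call still reads as unconditional and a later edit could easily put a second statement under the wrong condition. Indent the log_error call under the `if` (or brace it). The comment above the function still describes the old contract; extend it to `No error is printed if RC is 0 or if SILENT is set.` so the wrapper and the new function are both covered.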
@@ -1370,6 +1376,7 @@ agent_scd_pksign (const char *serialno, int hashalgo,
 int 
 agent_scd_pkdecrypt (const char *serialno,
                      const unsigned char *indata, size_t indatalen,
+                     int silent,
                      unsigned char **r_buf, size_t *r_buflen)
 {
   struct pincb_parm_s parm;
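Review bot: Inserting `int silent` in the middle of agent_scd_pkdecrypt's parameter list changes the prototype of a non-static function, but the patch as shown touches only cardglue.c and pubkey-enc.c. pubkey-enc.c includes cardglue.h, so if the declaration lives there it needs the same change, and any other caller has to pass the new argument. The comment above the function (outside this hunk) should also say what SILENT suppresses. The function body continues outside the hunk.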
@@ -1406,10 +1413,10 @@ agent_scd_pkdecrypt (const char *serialno,
           init_membuf (&data, 1024);
           snprintf (line, DIM(line)-1, "SCD PKDECRYPT %s", serialno);
           line[DIM(line)-1] = 0;
-          rc = test_transact (assuan_transact (app->assuan_ctx, line,
+          rc = assuan_transact (app->assuan_ctx, line,
                                                membuf_data_cb, &data,
-                                               NULL, NULL, NULL, NULL),
-                              "SCD PKDECRYPT");
+                                NULL, NULL, NULL, NULL);
+          rc = test_transact2 (rc, "SCD PKDECRYPT", silent);
           if (rc)
             xfree (get_membuf (&data, &len));
           else
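Review bot: With `silent` set, every failure of SCD PKDECRYPT is dropped without a trace, not only the expected "this card key does not match" case. test_transact2 already folds all assuan errors into GPG_ERR_CARD, so the log_error line was the only place the specific reason (card removed, PIN blocked, agent connection lost) was visible. In the try-all-secret-keys path that passes 1, a real card fault would then look the same as a key that simply does not fit. Consider keeping the message at a lower level when silent, for example emitting the same text through log_info when verbose output is enabled (assuming the options structure is in scope in cardglue.c), so the failure can still be diagnosed.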
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 51b5c55..6f42576 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -36,7 +36,7 @@
 #include "cardglue.h"
 
 static int get_it( PKT_pubkey_enc *k,
-		   DEK *dek, PKT_secret_key *sk, u32 *keyid );
+		   DEK *dek, PKT_secret_key *sk, u32 *keyid, int silent);
 
 
 /* check that the given algo is mentioned in one of the valid user IDs */
@@ -80,7 +80,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
 	sk = xmalloc_clear( sizeof *sk );
 	sk->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/
 	if( !(rc = get_seckey( sk, k->keyid )) )
-	    rc = get_it( k, dek, sk, k->keyid );
+          rc = get_it( k, dek, sk, k->keyid, 0 );
     }
     else { /* anonymous receiver: Try all available secret keys */
 	void *enum_context = NULL;
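Review bot: The bare `0` passed here and the bare `1` in the anonymous-receiver hunk below give no hint at the call site that they control error reporting. A short inline comment would help, e.g. `rc = get_it( k, dek, sk, k->keyid, 0 /* not silent */ );` and `1 /* silent: trying all keys */` in the loop. The replaced line is also indented with spaces where the removed line used a tab, which leaves it misaligned under the `if` in a tab-indented file.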
@@ -114,7 +114,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
 								      once */
 	    if( !rc )
 	      {
-		rc = get_it( k, dek, sk, keyid );
+		rc = get_it( k, dek, sk, keyid, 1 );
 		/* Successfully checked the secret key (either it was
 		   a card, had no passphrase, or had the right
 		   passphrase) but couldn't decrypt the session key,
@@ -145,7 +145,8 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
 
 
 static int
-get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
+get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid,
+        int silent)
 {
   int rc;
   MPI plain_dek  = NULL;
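Review bot: get_it gains a `silent` parameter with no comment describing its effect. In the visible hunks it is only forwarded to agent_scd_pkdecrypt, so it appears to affect the smartcard branch alone. A one-line comment above the function would record that, e.g. `/* If SILENT is set, a failed smartcard decryption is not logged. */`. The function body continues outside this hunk, so whether other error paths in get_it should honour the flag cannot be judged from here.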
@@ -170,7 +171,8 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
       if (!indata)
         BUG ();
 
-      rc = agent_scd_pkdecrypt (snbuf, indata, indatalen, &rbuf, &rbuflen);
+      rc = agent_scd_pkdecrypt (snbuf, indata, indatalen, silent,
+                                &rbuf, &rbuflen);
       xfree (snbuf);
       xfree (indata);
       if (rc)


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



