[PATCH scute] Build a second library which uses the signing key.

Damien Goutte-Gattat dgouttegattat at incenp.org
Sat May 19 21:43:25 CEST 2018


> This patch introduces the configure switch --enable-sigkey which
> enables building of scutesig.so which uses the signature key.


However I propose (see the patch below) a slightly modified version
in which the --enable-signing-key flag simply changes the key to
use from the authentication key to the signing key, without building
a second library. This avoid further code duplication in
src/Makefile.am and makes a less intrusive patch.

If you need both a scute using the authentication key and a scute
using the signing key, then you just have to configure and build
twice (first without the --enable-signing-key flag, then with it)
and rename one of the two libraries accordingly.

-- >8 --
Subject: [PATCH scute] Allow to use the signing key.

* configure.ac: New flag --enable-signing-key.
* src/slots.c (slot_init): Use the signing key.
(session_sign): Likewise.

This patch allows to build a version of Scute which uses the
signing key instead of the authentication key.

Suggested-by: Dirk Gottschalk <dirk.gottschalk1980 at googlemail.com>
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
 configure.ac |  7 +++++++
 src/slots.c  | 11 +++++++++++
 2 files changed, 18 insertions(+)

diff --git a/configure.ac b/configure.ac
index 3615a49..7848690 100644
--- a/configure.ac
+++ b/configure.ac
@@ -313,6 +313,13 @@ else
+# Use signing key?
+              AS_HELP_STRING([--enable-signing-key],
+                             [Use signing key instead of authentication key]))
+if test "$enable_signing_key" = yes ; then
+  AC_DEFINE(ENABLE_SIGNING_KEY,1,[Whether to use the signing key.])
 dnl Check for GPGSM version requirement.
diff --git a/src/slots.c b/src/slots.c
index fc69d15..f414331 100644
--- a/src/slots.c
+++ b/src/slots.c
@@ -385,7 +385,12 @@ slot_init (slot_iterator_t id)
   gpg_error_t err = 0;
   struct slot *slot = scute_table_data (slots, id);
+  err = scute_gpgsm_get_cert (slot->info.grip1, 1, add_object, slot);
   err = scute_gpgsm_get_cert (slot->info.grip3, 3, add_object, slot);
   if (err)
     goto init_out;
@@ -1033,8 +1038,14 @@ session_sign (slot_iterator_t id, session_iterator_t sid,
   sig_len = *pulSignatureLen;
+  err = scute_agent_sign (slot->info.grip1, pData, ulDataLen,
+			  pSignature, &sig_len);
   err = scute_agent_sign (slot->info.grip3, pData, ulDataLen,
 			  pSignature, &sig_len);
   /* FIXME: Oh well.  */
   if (gpg_err_code (err) == GPG_ERR_INV_ARG)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180519/8fbcb3df/attachment-0001.sig>

More information about the Gnupg-devel mailing list