1 /* card-util.c - Utility functions for the OpenPGP card.
2 * Copyright (C) 2003-2005, 2009 Free Software Foundation, Inc.
3 * Copyright (C) 2003-2005, 2009 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
26 #ifdef HAVE_LIBREADLINE
27 # define GNUPG_LIBREADLINE_H_INCLUDED
28 # include <readline/readline.h>
29 #endif /*HAVE_LIBREADLINE*/
31 #if GNUPG_MAJOR_VERSION != 1
33 #endif /*GNUPG_MAJOR_VERSION != 1*/
40 #include "keyserver-internal.h"
42 #if GNUPG_MAJOR_VERSION == 1
43 # include "cardglue.h"
44 #else /*GNUPG_MAJOR_VERSION!=1*/
45 # include "call-agent.h"
46 #endif /*GNUPG_MAJOR_VERSION!=1*/
48 #define CONTROL_D ('D' - 'A' + 1)
52 write_sc_op_status (gpg_error_t err)
54 switch (gpg_err_code (err))
57 write_status (STATUS_SC_OP_SUCCESS);
59 #if GNUPG_MAJOR_VERSION != 1
60 case GPG_ERR_CANCELED:
61 case GPG_ERR_FULLY_CANCELED:
62 write_status_text (STATUS_SC_OP_FAILURE, "1");
65 write_status_text (STATUS_SC_OP_FAILURE, "2");
68 write_status (STATUS_SC_OP_FAILURE);
70 #endif /* GNUPG_MAJOR_VERSION != 1 */
75 /* Change the PIN of an OpenPGP card. This is an interactive
78 change_pin (int unblock_v2, int allow_admin)
/* Overview of what remains visible in this listing: the card is
   learned with agent_scd_learn, then one agent_scd_change_pin
   operation is run and its result is reported through
   write_sc_op_status.  Going by the adjacent menu text, messages and
   comments, the mode numbers are: 1 = change PIN, 101 = unblock the
   PIN and set a new one, 3 = change Admin PIN, 102 = set the Reset
   Code.  Mode 2 appears to be the UNBLOCK_V2 path; it is reached only
   past the "version 2 cards" message and the info.chvretry[1] test.
   With ALLOW_ADMIN false only mode 1 is used.
   NOTE(review): the return type, braces and several conditions of
   this function are not part of the listing, so the branch structure
   described here is read from the lines that are left.  */
80 struct agent_card_info_s info;
83 rc = agent_scd_learn (&info, 0);
86 log_error (_("OpenPGP card not available: %s\n"),
91 log_info (_("OpenPGP card no. %s detected\n"),
92 info.serialno? info.serialno : "[none]");
/* The agent is asked to clear its PIN cache entry for this serial
   number before any PIN operation is started.  */
94 agent_clear_pin_cache (info.serialno);
98 agent_release_card_info (&info);
99 log_error (_("can't do this in batch mode\n"));
107 log_error (_("This command is only available for version 2 cards\n"));
108 else if (!info.chvretry[1])
109 log_error (_("Reset Code not or not anymore available\n"));
112 rc = agent_scd_change_pin (2, info.serialno);
113 write_sc_op_status (rc);
115 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
117 tty_printf ("PIN changed.\n");
120 else if (!allow_admin)
122 rc = agent_scd_change_pin (1, info.serialno);
123 write_sc_op_status (rc);
125 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
127 tty_printf ("PIN changed.\n");
135 tty_printf ("1 - change PIN\n"
137 "3 - change Admin PIN\n"
138 "4 - set the Reset Code\n"
142 answer = cpr_get("cardutil.change_pin.menu",_("Your selection? "));
/* The branches below look at *answer only; an answer that is not
   exactly one character long is handled separately (on lines not
   shown here).  */
144 if (strlen (answer) != 1)
150 rc = agent_scd_change_pin (1, info.serialno);
151 write_sc_op_status (rc);
153 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
155 tty_printf ("PIN changed.\n");
157 else if (*answer == '2')
160 rc = agent_scd_change_pin (101, info.serialno);
161 write_sc_op_status (rc);
163 tty_printf ("Error unblocking the PIN: %s\n", gpg_strerror (rc));
165 tty_printf ("PIN unblocked and new PIN set.\n");
167 else if (*answer == '3')
169 /* Change Admin PIN. */
170 rc = agent_scd_change_pin (3, info.serialno);
171 write_sc_op_status (rc);
173 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
175 tty_printf ("PIN changed.\n");
177 else if (*answer == '4')
179 /* Set a new Reset Code. */
180 rc = agent_scd_change_pin (102, info.serialno);
181 write_sc_op_status (rc);
183 tty_printf ("Error setting the Reset Code: %s\n",
186 tty_printf ("Reset Code set.\n");
188 else if (*answer == 'q' || *answer == 'Q')
194 agent_release_card_info (&info);
/* get_manufacturer: return a static name for the manufacturer number
   NO.  card_status computes NO from the four hex digits at offset 16
   of the card's serial number and prints the returned string as-is
   into the colon-delimited "vendor:" record.  That is why the names
   in this table must never contain a colon or a linefeed: either one
   would change how a consumer of that record splits it.  Numbers
   that match no case fall through to the default, which returns
   "unmanaged S/N range" for the 0xff00 block and "unknown"
   otherwise.  */
198 get_manufacturer (unsigned int no)
200 /* Note: Make sure that there is no colon or linefeed in the string. */
203 case 0x0001: return "PPC Card Systems";
204 case 0x0002: return "Prism";
205 case 0x0003: return "OpenFortress";
206 case 0x0004: return "Wewid";
207 case 0x0005: return "ZeitControl";
208 case 0x0006: return "Yubico";
209 case 0x0007: return "OpenKMS";
210 case 0x0008: return "LogoEmail";
211 case 0x0009: return "Fidesmo";
212 case 0x000A: return "Dangerous Things";
214 case 0x002A: return "Magrathea";
216 case 0x1337: return "Warsaw Hackerspace";
217 case 0x2342: return "warpzone"; /* hackerspace Muenster. */
218 case 0xF517: return "FSIJ";
220 /* 0x0000 and 0xFFFF are defined as test cards per spec,
221 0xFF00 to 0xFFFE are assigned for use with randomly created
224 case 0xffff: return "test card";
225 default: return (no & 0xff00) == 0xff00? "unmanaged S/N range":"unknown";
231 print_sha1_fpr (estream_t fp, const unsigned char *fpr)
237 for (i=0; i < 20 ; i+=2, fpr += 2 )
240 tty_fprintf (fp, " ");
241 tty_fprintf (fp, " %02X%02X", *fpr, fpr[1]);
245 tty_fprintf (fp, " [none]");
246 tty_fprintf (fp, "\n");
251 print_sha1_fpr_colon (estream_t fp, const unsigned char *fpr)
257 for (i=0; i < 20 ; i++, fpr++)
258 es_fprintf (fp, "%02X", *fpr);
265 print_name (estream_t fp, const char *text, const char *name)
267 tty_fprintf (fp, "%s", text);
269 /* FIXME: tty_printf_utf8_string2 eats everything after and
270 including an @ - e.g. when printing an url. */
274 print_utf8_buffer2 (fp, name, strlen (name), '\n');
276 tty_print_utf8_string2 (NULL, name, strlen (name), 0);
279 tty_fprintf (fp, _("[not set]"));
280 tty_fprintf (fp, "\n");
284 print_isoname (estream_t fp, const char *text,
285 const char *tag, const char *name)
288 es_fprintf (fp, "%s:", tag);
290 tty_fprintf (fp, "%s", text);
294 char *p, *given, *buf = xstrdup (name);
296 given = strstr (buf, "<<");
300 if (given && given[2])
305 es_write_sanitized (fp, given, strlen (given), ":", NULL);
307 print_utf8_buffer2 (fp, given, strlen (given), '\n');
309 tty_print_utf8_string2 (NULL, given, strlen (given), 0);
314 tty_fprintf (fp, " ");
318 es_write_sanitized (fp, buf, strlen (buf), ":", NULL);
320 print_utf8_buffer2 (fp, buf, strlen (buf), '\n');
322 tty_print_utf8_string2 (NULL, buf, strlen (buf), 0);
330 tty_fprintf (fp, _("[not set]"));
334 es_fputs (":\n", fp);
336 tty_fprintf (fp, "\n");
339 /* Return true if the SHA1 fingerprint FPR consists only of zeroes. */
341 fpr_is_zero (const char *fpr)
345 for (i=0; i < 20 && !fpr[i]; i++)
351 /* Return true if the SHA1 fingerprint FPR consists only of 0xFF. */
353 fpr_is_ff (const char *fpr)
357 for (i=0; i < 20 && fpr[i] == '\xff'; i++)
363 /* Print all available information about the current card to FP.
   The listing shows two renderings of the same data: colon-delimited
   records written with es_fprintf/es_fputs and a human readable form
   written with tty_fprintf; the test that selects between them is on
   lines not included here.  If SERIALNO is non-NULL it is a caller
   buffer of SERIALNOBUFLEN bytes that receives a copy of the card's
   serial number.  Every string in INFO is filled in from the card by
   agent_scd_learn and should be handled as untrusted input.  */
365 card_status (estream_t fp, char *serialno, size_t serialnobuflen)
367 struct agent_card_info_s info;
368 PKT_public_key *pk = xcalloc (1, sizeof *pk);
369 kbnode_t keyblock = NULL;
372 const unsigned char *thefpr;
375 if (serialno && serialnobuflen)
378 rc = agent_scd_learn (&info, 0);
382 es_fputs ("AID:::\n", fp);
383 log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (rc));
389 es_fprintf (fp, "Reader:%s:", info.reader? info.reader : "");
391 tty_fprintf (fp, "Reader ...........: %s\n",
392 info.reader? info.reader : "[none]");
394 es_fprintf (fp, "AID:%s:", info.serialno? info.serialno : "");
396 tty_fprintf (fp, "Application ID ...: %s\n",
397 info.serialno? info.serialno : "[none]");
/* The code further down indexes info.serialno at fixed offsets, so
   the 32 character form with the OpenPGP AID prefix is required
   first; any other card is only classified by info.apptype.  */
398 if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
399 || strlen (info.serialno) != 32 )
401 if (info.apptype && !strcmp (info.apptype, "NKS"))
404 es_fputs ("netkey-card:\n", fp);
405 log_info ("this is a NetKey card\n");
407 else if (info.apptype && !strcmp (info.apptype, "DINSIG"))
410 es_fputs ("dinsig-card:\n", fp);
411 log_info ("this is a DINSIG compliant card\n");
413 else if (info.apptype && !strcmp (info.apptype, "P15"))
416 es_fputs ("pkcs15-card:\n", fp);
417 log_info ("this is a PKCS#15 compliant card\n");
419 else if (info.apptype && !strcmp (info.apptype, "GELDKARTE"))
422 es_fputs ("geldkarte-card:\n", fp);
423 log_info ("this is a Geldkarte compliant card\n");
428 es_fputs ("unknown:\n", fp);
430 log_info ("not an OpenPGP card\n");
431 agent_release_card_info (&info);
/* NOTE(review): the length test below measures the destination
   buffer SERIALNO, while the strcpy that follows copies
   info.serialno (32 characters plus NUL once the AID test above has
   passed).  Unless a line not shown here makes the two equivalent,
   this guard does not bound the copy; comparing
   strlen (info.serialno)+1 with SERIALNOBUFLEN would.  */
438 else if (strlen (serialno)+1 > serialnobuflen)
439 log_error ("serial number longer than expected\n");
441 strcpy (serialno, info.serialno);
444 es_fputs ("openpgp-card:\n", fp);
/* Offsets 12, 16, 18 and 20 all lie inside the 32 characters that
   were checked above.  */
449 es_fprintf (fp, "version:%.4s:\n", info.serialno+12);
450 uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
451 es_fprintf (fp, "vendor:%04x:%s:\n", uval, get_manufacturer (uval));
452 es_fprintf (fp, "serial:%.8s:\n", info.serialno+20);
454 print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
456 es_fputs ("lang:", fp);
458 es_write_sanitized (fp, info.disp_lang, strlen (info.disp_lang),
460 es_fputs (":\n", fp);
462 es_fprintf (fp, "sex:%c:\n", (info.disp_sex == 1? 'm':
463 info.disp_sex == 2? 'f' : 'u'));
465 es_fputs ("url:", fp);
467 es_write_sanitized (fp, info.pubkey_url, strlen (info.pubkey_url),
469 es_fputs (":\n", fp);
471 es_fputs ("login:", fp);
473 es_write_sanitized (fp, info.login_data, strlen (info.login_data),
475 es_fputs (":\n", fp);
477 es_fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached);
478 for (i=0; i < DIM (info.key_attr); i++)
479 if (info.key_attr[i].algo == PUBKEY_ALGO_RSA)
480 es_fprintf (fp, "keyattr:%d:%d:%u:\n", i+1,
481 info.key_attr[i].algo, info.key_attr[i].nbits);
482 else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH
483 || info.key_attr[i].algo == PUBKEY_ALGO_ECDSA
484 || info.key_attr[i].algo == PUBKEY_ALGO_EDDSA)
485 es_fprintf (fp, "keyattr:%d:%d:%s:\n", i+1,
486 info.key_attr[i].algo, info.key_attr[i].curve);
487 es_fprintf (fp, "maxpinlen:%d:%d:%d:\n",
488 info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
489 es_fprintf (fp, "pinretry:%d:%d:%d:\n",
490 info.chvretry[0], info.chvretry[1], info.chvretry[2]);
491 es_fprintf (fp, "sigcount:%lu:::\n", info.sig_counter);
493 for (i=0; i < 4; i++)
495 if (info.private_do[i])
497 es_fprintf (fp, "private_do:%d:", i+1);
/* The card-supplied text is written through es_write_sanitized with
   ":" as the delimiter argument, so that the data cannot add fields
   to the colon-delimited record.  */
498 es_write_sanitized (fp, info.private_do[i],
499 strlen (info.private_do[i]), ":", NULL);
500 es_fputs (":\n", fp);
504 es_fputs ("cafpr:", fp);
505 print_sha1_fpr_colon (fp, info.cafpr1valid? info.cafpr1:NULL);
506 print_sha1_fpr_colon (fp, info.cafpr2valid? info.cafpr2:NULL);
507 print_sha1_fpr_colon (fp, info.cafpr3valid? info.cafpr3:NULL);
509 es_fputs ("fpr:", fp);
510 print_sha1_fpr_colon (fp, info.fpr1valid? info.fpr1:NULL);
511 print_sha1_fpr_colon (fp, info.fpr2valid? info.fpr2:NULL);
512 print_sha1_fpr_colon (fp, info.fpr3valid? info.fpr3:NULL);
514 es_fprintf (fp, "fprtime:%lu:%lu:%lu:\n",
515 (unsigned long)info.fpr1time, (unsigned long)info.fpr2time,
516 (unsigned long)info.fpr3time);
520 tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
521 info.serialno[12] == '0'?"":info.serialno+12,
523 info.serialno[14] == '0'?"":info.serialno+14,
525 tty_fprintf (fp, "Manufacturer .....: %s\n",
526 get_manufacturer (xtoi_2(info.serialno+16)*256
527 + xtoi_2 (info.serialno+18)));
528 tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20);
530 print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
531 print_name (fp, "Language prefs ...: ", info.disp_lang);
532 tty_fprintf (fp, "Sex ..............: %s\n",
533 info.disp_sex == 1? _("male"):
534 info.disp_sex == 2? _("female") : _("unspecified"));
535 print_name (fp, "URL of public key : ", info.pubkey_url);
536 print_name (fp, "Login data .......: ", info.login_data);
537 if (info.private_do[0])
538 print_name (fp, "Private DO 1 .....: ", info.private_do[0]);
539 if (info.private_do[1])
540 print_name (fp, "Private DO 2 .....: ", info.private_do[1]);
541 if (info.private_do[2])
542 print_name (fp, "Private DO 3 .....: ", info.private_do[2]);
543 if (info.private_do[3])
544 print_name (fp, "Private DO 4 .....: ", info.private_do[3]);
545 if (info.cafpr1valid)
547 tty_fprintf (fp, "CA fingerprint %d .:", 1);
548 print_sha1_fpr (fp, info.cafpr1);
550 if (info.cafpr2valid)
552 tty_fprintf (fp, "CA fingerprint %d .:", 2);
553 print_sha1_fpr (fp, info.cafpr2);
555 if (info.cafpr3valid)
557 tty_fprintf (fp, "CA fingerprint %d .:", 3);
558 print_sha1_fpr (fp, info.cafpr3);
/* A true chv1_cached is shown as "not forced": the signature PIN is
   then not requested for every signature.  */
560 tty_fprintf (fp, "Signature PIN ....: %s\n",
561 info.chv1_cached? _("not forced"): _("forced"));
562 if (info.key_attr[0].algo)
564 tty_fprintf (fp, "Key attributes ...:");
565 for (i=0; i < DIM (info.key_attr); i++)
566 if (info.key_attr[i].algo == PUBKEY_ALGO_RSA)
567 tty_fprintf (fp, " rsa%u", info.key_attr[i].nbits);
568 else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH
569 || info.key_attr[i].algo == PUBKEY_ALGO_ECDSA
570 || info.key_attr[i].algo == PUBKEY_ALGO_EDDSA)
572 const char *curve_for_print = "?";
574 if (info.key_attr[i].curve)
577 oid = openpgp_curve_to_oid (info.key_attr[i].curve, NULL);
579 curve_for_print = openpgp_oid_to_curve (oid, 0);
581 tty_fprintf (fp, " %s", curve_for_print);
583 tty_fprintf (fp, "\n");
585 tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n",
586 info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
587 tty_fprintf (fp, "PIN retry counter : %d %d %d\n",
588 info.chvretry[0], info.chvretry[1], info.chvretry[2]);
589 tty_fprintf (fp, "Signature counter : %lu\n", info.sig_counter);
590 tty_fprintf (fp, "Signature key ....:");
591 print_sha1_fpr (fp, info.fpr1valid? info.fpr1:NULL);
592 if (info.fpr1valid && info.fpr1time)
593 tty_fprintf (fp, " created ....: %s\n",
594 isotimestamp (info.fpr1time));
595 tty_fprintf (fp, "Encryption key....:");
596 print_sha1_fpr (fp, info.fpr2valid? info.fpr2:NULL);
597 if (info.fpr2valid && info.fpr2time)
598 tty_fprintf (fp, " created ....: %s\n",
599 isotimestamp (info.fpr2time));
600 tty_fprintf (fp, "Authentication key:");
601 print_sha1_fpr (fp, info.fpr3valid? info.fpr3:NULL);
602 if (info.fpr3valid && info.fpr3time)
603 tty_fprintf (fp, " created ....: %s\n",
604 isotimestamp (info.fpr3time));
605 tty_fprintf (fp, "General key info..: ");
/* The first valid fingerprint (signature, then encryption, then
   authentication key) is used to look up the local public key.  */
607 thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 :
608 info.fpr3valid? info.fpr3 : NULL);
609 /* If the fingerprint is all 0xff, the key has no associated
610 OpenPGP certificate. */
611 if ( thefpr && !fpr_is_ff (thefpr)
612 && !get_pubkey_byfprint (pk, &keyblock, thefpr, 20))
614 print_pubkey_info (fp, pk);
616 print_card_key_info (fp, keyblock);
619 tty_fprintf (fp, "[none]\n");
622 release_kbnode (keyblock);
623 free_public_key (pk);
624 agent_release_card_info (&info);
629 get_one_name (const char *prompt1, const char *prompt2)
636 name = cpr_get (prompt1, prompt2);
641 for (i=0; name[i] && name[i] >= ' ' && name[i] <= 126; i++)
644 /* The name must be in Latin-1 and not UTF-8 - lacking the code
645 to ensure this we restrict it to ASCII. */
647 tty_printf (_("Error: Only plain ASCII is currently allowed.\n"));
648 else if (strchr (name, '<'))
649 tty_printf (_("Error: The \"<\" character may not be used.\n"));
650 else if (strstr (name, " "))
651 tty_printf (_("Error: Double spaces are not allowed.\n"));
663 char *surname = NULL, *givenname = NULL;
667 surname = get_one_name ("keygen.smartcard.surname",
668 _("Cardholder's surname: "));
669 givenname = get_one_name ("keygen.smartcard.givenname",
670 _("Cardholder's given name: "));
671 if (!surname || !givenname || (!*surname && !*givenname))
675 return -1; /*canceled*/
678 isoname = xmalloc ( strlen (surname) + 2 + strlen (givenname) + 1);
679 strcpy (stpcpy (stpcpy (isoname, surname), "<<"), givenname);
682 for (p=isoname; *p; p++)
686 if (strlen (isoname) > 39 )
688 tty_printf (_("Error: Combined name too long "
689 "(limit is %d characters).\n"), 39);
694 rc = agent_scd_setattr ("DISP-NAME", isoname, strlen (isoname), NULL );
696 log_error ("error setting Name: %s\n", gpg_strerror (rc));
709 url = cpr_get ("cardedit.change_url", _("URL to retrieve public key: "));
715 if (strlen (url) > 254 )
717 tty_printf (_("Error: URL too long "
718 "(limit is %d characters).\n"), 254);
723 rc = agent_scd_setattr ("PUBKEY-URL", url, strlen (url), NULL );
725 log_error ("error setting URL: %s\n", gpg_strerror (rc));
727 write_sc_op_status (rc);
732 /* Fetch the key from the URL given on the card or try to get it from
733 the default keyserver. */
/* The PUBKEY-URL and KEY-FPR attributes are read from the card into
   INFO.  A non-empty info.pubkey_url is added to a string list and
   handed to keyserver_fetch; only when no URL is set and
   info.fpr1valid is true is the first fingerprint looked up on
   opt.keyserver with keyserver_import_fprint instead.
   NOTE(review): the URL is card-controlled data and nothing in the
   lines shown here restricts its scheme or host, so any such policy
   has to live in keyserver_fetch or in the callers - confirm.  */
735 fetch_url (ctrl_t ctrl)
738 struct agent_card_info_s info;
740 memset(&info,0,sizeof(info));
742 rc=agent_scd_getattr("PUBKEY-URL",&info);
744 log_error("error retrieving URL from card: %s\n",gpg_strerror(rc));
747 rc=agent_scd_getattr("KEY-FPR",&info);
749 log_error("error retrieving key fingerprint from card: %s\n",
751 else if (info.pubkey_url && *info.pubkey_url)
755 add_to_strlist (&sl, info.pubkey_url);
756 rc = keyserver_fetch (ctrl, sl);
759 else if (info.fpr1valid)
761 rc = keyserver_import_fprint (ctrl, info.fpr1, 20, opt.keyserver, 0);
769 /* Read data from file FNAME up to MAXLEN characters. On error return
770 -1 and store NULL at R_BUFFER; on success return the number of
771 bytes read and store the address of a newly allocated buffer at
774 get_data_from_file (const char *fname, size_t maxlen, char **r_buffer)
/* FNAME is opened for binary reading exactly as passed in by the
   caller.  */
782 fp = es_fopen (fname, "rb");
/* GnuPG 1 builds only: is_secured_file is consulted on the freshly
   opened file (what happens on a match is on lines not shown
   here).  */
783 #if GNUPG_MAJOR_VERSION == 1
784 if (fp && is_secured_file (fileno (fp)))
793 tty_printf (_("can't open '%s': %s\n"), fname, strerror (errno));
/* maxlen? maxlen:1 keeps the allocation size non-zero when MAXLEN
   is 0.  */
797 data = xtrymalloc (maxlen? maxlen:1);
800 tty_printf (_("error allocating enough memory: %s\n"), strerror (errno));
/* At most MAXLEN bytes are requested, so a longer file is read only
   up to MAXLEN; nothing in this call tells the caller that more data
   was available.  */
806 n = es_fread (data, 1, maxlen, fp);
812 tty_printf (_("error reading '%s': %s\n"), fname, strerror (errno));
821 /* Write LENGTH bytes from BUFFER to file FNAME. Return 0 on
824 put_data_to_file (const char *fname, const void *buffer, size_t length)
828 fp = es_fopen (fname, "wb");
829 #if GNUPG_MAJOR_VERSION == 1
830 if (fp && is_secured_file (fileno (fp)))
839 tty_printf (_("can't create '%s': %s\n"), fname, strerror (errno));
843 if (length && es_fwrite (buffer, length, 1, fp) != 1)
845 tty_printf (_("error writing '%s': %s\n"), fname, strerror (errno));
855 change_login (const char *args)
861 if (args && *args == '<') /* Read it from a file */
863 for (args++; spacep (args); args++)
865 n = get_data_from_file (args, 254, &data);
871 data = cpr_get ("cardedit.change_login",
872 _("Login data (account name): "));
882 tty_printf (_("Error: Login data too long "
883 "(limit is %d characters).\n"), 254);
888 rc = agent_scd_setattr ("LOGIN-DATA", data, n, NULL );
890 log_error ("error setting login data: %s\n", gpg_strerror (rc));
892 write_sc_op_status (rc);
/* change_private_do: store new data in the card's private data
   object number NR.  The attribute name is built by overwriting the
   'X' at index 11 of "PRIVATE-DO-X" with the digit for NR; the
   log_assert restricts NR to 1..4, so the result is always one of
   PRIVATE-DO-1 .. PRIVATE-DO-4.  If ARGS contains a '<', the text
   after it (leading spaces skipped) is taken as a file name and read
   with get_data_from_file, which is asked for at most 254 bytes;
   otherwise the data is prompted for.  The result of
   agent_scd_setattr is reported through write_sc_op_status.  */
897 change_private_do (const char *args, int nr)
899 char do_name[] = "PRIVATE-DO-X";
904 log_assert (nr >= 1 && nr <= 4);
905 do_name[11] = '0' + nr;
907 if (args && (args = strchr (args, '<'))) /* Read it from a file */
909 for (args++; spacep (args); args++)
911 n = get_data_from_file (args, 254, &data);
917 data = cpr_get ("cardedit.change_private_do",
918 _("Private DO data: "));
928 tty_printf (_("Error: Private DO too long "
929 "(limit is %d characters).\n"), 254);
934 rc = agent_scd_setattr (do_name, data, n, NULL );
936 log_error ("error setting private DO: %s\n", gpg_strerror (rc));
938 write_sc_op_status (rc);
944 change_cert (const char *args)
950 if (args && *args == '<') /* Read it from a file */
952 for (args++; spacep (args); args++)
954 n = get_data_from_file (args, 16384, &data);
960 tty_printf ("usage error: redirection to file required\n");
964 rc = agent_scd_writecert ("OPENPGP.3", data, n);
966 log_error ("error writing certificate to card: %s\n", gpg_strerror (rc));
968 write_sc_op_status (rc);
974 read_cert (const char *args)
981 if (args && *args == '>') /* Write it to a file */
983 for (args++; spacep (args); args++)
989 tty_printf ("usage error: redirection to file required\n");
993 rc = agent_scd_readcert ("OPENPGP.3", &buffer, &length);
995 log_error ("error reading certificate from card: %s\n", gpg_strerror (rc));
997 rc = put_data_to_file (fname, buffer, length);
999 write_sc_op_status (rc);
1010 data = cpr_get ("cardedit.change_lang",
1011 _("Language preferences: "));
1017 if (strlen (data) > 8 || (strlen (data) & 1))
1019 tty_printf (_("Error: invalid length of preference string.\n"));
1024 for (p=data; *p && *p >= 'a' && *p <= 'z'; p++)
1028 tty_printf (_("Error: invalid characters in preference string.\n"));
1033 rc = agent_scd_setattr ("DISP-LANG", data, strlen (data), NULL );
1035 log_error ("error setting lang: %s\n", gpg_strerror (rc));
1037 write_sc_op_status (rc);
1049 data = cpr_get ("cardedit.change_sex",
1050 _("Sex ((M)ale, (F)emale or space): "));
1058 else if ((*data == 'M' || *data == 'm') && !data[1])
1060 else if ((*data == 'F' || *data == 'f') && !data[1])
1064 tty_printf (_("Error: invalid response.\n"));
1069 rc = agent_scd_setattr ("DISP-SEX", str, 1, NULL );
1071 log_error ("error setting sex: %s\n", gpg_strerror (rc));
1073 write_sc_op_status (rc);
1079 change_cafpr (int fprno)
1084 unsigned char fpr[20];
1086 data = cpr_get ("cardedit.change_cafpr", _("CA fingerprint: "));
1092 for (i=0, s=data; i < 20 && *s; )
1109 tty_printf (_("Error: invalid formatted fingerprint.\n"));
1113 rc = agent_scd_setattr (fprno==1?"CA-FPR-1":
1114 fprno==2?"CA-FPR-2":
1115 fprno==3?"CA-FPR-3":"x", fpr, 20, NULL );
1117 log_error ("error setting cafpr: %s\n", gpg_strerror (rc));
1118 write_sc_op_status (rc);
/* toggle_forcesig: flip the card's forced signature PIN flag.  The
   current state is read with the CHV-STATUS attribute; the new state
   is the negation of info.chv1_cached and is written as one byte to
   CHV-STATUS-1: 0x01 when NEWSTATE is true, otherwise the single NUL
   byte of the empty string literal (the length argument is 1 in both
   cases).  The result of the write is reported through
   write_sc_op_status.  */
1125 toggle_forcesig (void)
1127 struct agent_card_info_s info;
1131 memset (&info, 0, sizeof info);
1132 rc = agent_scd_getattr ("CHV-STATUS", &info);
1135 log_error ("error getting current status: %s\n", gpg_strerror (rc));
1138 newstate = !info.chv1_cached;
1139 agent_release_card_info (&info);
1141 rc = agent_scd_setattr ("CHV-STATUS-1", newstate? "\x01":"", 1, NULL);
1143 log_error ("error toggling signature PIN flag: %s\n", gpg_strerror (rc));
1144 write_sc_op_status (rc);
1148 /* Helper for the key generation/edit functions. */
/* INFO is zeroed and then filled from the card.  SERIALNO is read
   first and the operation is refused unless the serial number is a
   32 character string starting with the OpenPGP AID prefix
   D27600012401.  After that KEY-FPR, CHV-STATUS, DISP-NAME, EXTCAP
   and KEY-ATTR are read; how the individual results are chained is on
   lines not shown here, but a failure ends in the "error getting
   current key info" message.  */
1150 get_info_for_key_operation (struct agent_card_info_s *info)
1154 memset (info, 0, sizeof *info);
1155 rc = agent_scd_getattr ("SERIALNO", info);
1156 if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
1157 || strlen (info->serialno) != 32 )
1159 log_error (_("key operation not possible: %s\n"),
1160 rc ? gpg_strerror (rc) : _("not an OpenPGP card"));
1163 rc = agent_scd_getattr ("KEY-FPR", info);
1165 rc = agent_scd_getattr ("CHV-STATUS", info);
1167 rc = agent_scd_getattr ("DISP-NAME", info);
1169 rc = agent_scd_getattr ("EXTCAP", info);
1171 rc = agent_scd_getattr ("KEY-ATTR", info);
1173 log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
1178 /* Helper for the key generation/edit functions. */
/* The agent's PIN cache entry for the card is cleared, and
   *FORCED_CHV1 records whether the forced signature PIN mode was on
   (!info->chv1_cached).  The byte 0x01 is then written to
   CHV-STATUS-1 to switch that mode off for the duration of the key
   operation (the condition guarding this write is not part of the
   listing), and finally the PIN is verified with agent_scd_checkpin.
   NOTE(review): the flag is changed on the card itself and is only
   written back by restore_forced_chv1; a caller that returns early
   between the two calls would leave the signature PIN unforced, so
   the callers' error paths are worth checking.  */
1180 check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
1184 agent_clear_pin_cache (info->serialno);
1186 *forced_chv1 = !info->chv1_cached;
1188 { /* Switch off the forced mode so that during key generation we
1189 don't get bothered with PIN queries for each
1191 rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1, info->serialno);
1194 log_error ("error clearing forced signature PIN flag: %s\n",
1202 /* Check the PIN now, so that we won't get asked later for each
1203 binding signature. */
1204 rc = agent_scd_checkpin (info->serialno);
1207 log_error ("error checking the PIN: %s\n", gpg_strerror (rc));
1208 write_sc_op_status (rc);
1214 /* Helper for the key generation/edit functions. */
/* Counterpart of check_pin_for_key_operation: writes a single zero
   byte (the NUL of the empty string literal, length 1) to
   CHV-STATUS-1 to switch the forced signature PIN mode back on.
   NOTE(review): this write passes NULL as the last argument, whereas
   the switch-off in check_pin_for_key_operation passes
   info->serialno; confirm that the restore cannot be applied to a
   different card than the one that was changed.  */
1216 restore_forced_chv1 (int *forced_chv1)
1221 { /* Switch back to forced state. */
1222 rc = agent_scd_setattr ("CHV-STATUS-1", "", 1, NULL);
1225 log_error ("error setting forced signature PIN flag: %s\n",
1232 /* Helper for the key generation/edit functions. */
1234 show_card_key_info (struct agent_card_info_s *info)
1236 tty_fprintf (NULL, "Signature key ....:");
1237 print_sha1_fpr (NULL, info->fpr1valid? info->fpr1:NULL);
1238 tty_fprintf (NULL, "Encryption key....:");
1239 print_sha1_fpr (NULL, info->fpr2valid? info->fpr2:NULL);
1240 tty_fprintf (NULL, "Authentication key:");
1241 print_sha1_fpr (NULL, info->fpr3valid? info->fpr3:NULL);
1246 /* Helper for the key generation/edit functions. */
1248 replace_existing_key_p (struct agent_card_info_s *info, int keyno)
1250 log_assert (keyno >= 0 && keyno <= 3);
1252 if ((keyno == 1 && info->fpr1valid)
1253 || (keyno == 2 && info->fpr2valid)
1254 || (keyno == 3 && info->fpr3valid))
1257 log_info ("WARNING: such a key has already been stored on the card!\n");
1259 if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_key",
1260 _("Replace existing key? (y/N) ")))
1269 show_keysize_warning (void)
1277 (_("Note: There is no guarantee that the card "
1278 "supports the requested size.\n"
1279 " If the key generation does not succeed, "
1280 "please check the\n"
1281 " documentation of your card to see what "
1282 "sizes are allowed.\n"));
1286 /* Ask for the size of a card key. NBITS is the current size
1287 configured for the card. KEYNO is the number of the key used to
1288 select the prompt. Returns 0 to use the default size (i.e. NBITS)
1289 or the selected size. */
/* The answer is converted with atoi, which cannot report a parse
   error: non-numeric text yields 0, and a negative number converts
   to a large unsigned value; both fail the range test below.  A
   request that differs from NBITS is rounded up to a multiple of 32
   before it is compared with min_nbits..max_nbits (1024..4096 here).
   NOTE(review): whether 1024 should still be accepted as the lower
   bound is a policy decision worth revisiting.  */
1291 ask_card_rsa_keysize (int keyno, unsigned int nbits)
1293 unsigned int min_nbits = 1024;
1294 unsigned int max_nbits = 4096;
1295 char *prompt, *answer;
1296 unsigned int req_nbits;
1302 _("What keysize do you want for the Signature key? (%u) "):
1304 _("What keysize do you want for the Encryption key? (%u) "):
1305 _("What keysize do you want for the Authentication key? (%u) "),
1307 answer = cpr_get ("cardedit.genkeys.size", prompt);
/* An empty answer keeps the current size NBITS.  */
1309 req_nbits = *answer? atoi (answer): nbits;
1313 if (req_nbits != nbits && (req_nbits % 32) )
1315 req_nbits = ((req_nbits + 31) / 32) * 32;
1316 tty_printf (_("rounded up to %u bits\n"), req_nbits);
1319 if (req_nbits == nbits)
1320 return 0; /* Use default. */
1322 if (req_nbits < min_nbits || req_nbits > max_nbits)
1324 tty_printf (_("%s keysizes must be in the range %u-%u\n"),
1325 "RSA", min_nbits, max_nbits);
1329 tty_printf (_("The card will now be re-configured "
1330 "to generate a key of %u bits\n"), req_nbits);
1331 show_keysize_warning ();
1338 /* Change the size of key KEYNO (0..2) to NBITS and show an error
1339 message if that fails. */
/* The KEY-ATTR value has the form "--force <KEYNO+1> 1 rsa<NBITS>"
   and is formatted with snprintf bounded by sizeof args before it is
   sent with agent_scd_setattr.  */
1341 do_change_rsa_keysize (int keyno, unsigned int nbits)
1346 snprintf (args, sizeof args, "--force %d 1 rsa%u", keyno+1, nbits);
1347 err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
1349 log_error (_("error changing size of key %d to %u bits: %s\n"),
1350 keyno+1, nbits, gpg_strerror (err));
/* generate_card_keys: interactive generation of the keys on the
   card.  Steps visible in this listing: load the card data with
   get_info_for_key_operation, ask whether an off-card backup of the
   encryption key is wanted (default yes), ask for confirmation if
   any valid, non-zero fingerprint is already stored, verify the PIN
   with check_pin_for_key_operation, offer to reconfigure the RSA key
   sizes when info.is_v2 and info.extcap.aac are set, call
   generate_keypair with the card's serial number, and finally release
   INFO and call restore_forced_chv1.  */
1356 generate_card_keys (ctrl_t ctrl)
1358 struct agent_card_info_s info;
1363 if (get_info_for_key_operation (&info))
1370 /* FIXME: Should be something like cpr_get_bool so that a status
1371 GET_BOOL will be emitted. */
1372 answer = cpr_get ("cardedit.genkeys.backup_enc",
1373 _("Make off-card backup of encryption key? (Y/n) "));
1375 want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/);
/* Generating new keys replaces what is on the card, so any valid
   fingerprint that is not all zero triggers a confirmation.  */
1382 if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
1383 || (info.fpr2valid && !fpr_is_zero (info.fpr2))
1384 || (info.fpr3valid && !fpr_is_zero (info.fpr3)))
1387 log_info (_("Note: keys are already stored on the card!\n"));
1389 if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys",
1390 _("Replace existing keys? (y/N) ")))
1392 agent_release_card_info (&info);
1397 /* If no displayed name has been set, we assume that this is a fresh
1398 card and print a hint about the default PINs. */
/* The two literals passed to tty_printf below are the factory
   default PINs shown in the hint; a card left on these publicly
   documented values is effectively unprotected by its PIN, which is
   why the hint asks the user to change them.  */
1399 if (!info.disp_name || !*info.disp_name)
1402 tty_printf (_("Please note that the factory settings of the PINs are\n"
1403 " PIN = '%s' Admin PIN = '%s'\n"
1404 "You should change them using the command --change-pin\n"),
1405 "123456", "12345678");
1409 if (check_pin_for_key_operation (&info, &forced_chv1))
1412 /* If the cards features changeable key attributes, we ask for the
1414 if (info.is_v2 && info.extcap.aac)
1418 for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
1420 if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
1422 nbits = ask_card_rsa_keysize (keyno, info.key_attr[keyno].nbits);
1423 if (nbits && do_change_rsa_keysize (keyno, nbits))
1425 /* Error: Better read the default key size again. */
1426 agent_release_card_info (&info);
1427 if (get_info_for_key_operation (&info))
1429 /* Ask again for this key size. */
1434 /* Note that INFO has not be synced. However we will only use
1435 the serialnumber and thus it won't harm. */
1438 generate_keypair (ctrl, 1, NULL, info.serialno, want_backup);
1441 agent_release_card_info (&info);
/* Undo the temporary switch-off of the forced signature PIN mode
   made by check_pin_for_key_operation.  */
1442 restore_forced_chv1 (&forced_chv1);
1446 /* This function is used by the key edit menu to generate an arbitrary
1449 card_generate_subkey (KBNODE pub_keyblock)
1452 struct agent_card_info_s info;
1453 int forced_chv1 = 0;
1456 err = get_info_for_key_operation (&info);
1460 show_card_key_info (&info);
1462 tty_printf (_("Please select the type of key to generate:\n"));
1464 tty_printf (_(" (1) Signature key\n"));
1465 tty_printf (_(" (2) Encryption key\n"));
1466 tty_printf (_(" (3) Authentication key\n"));
1470 char *answer = cpr_get ("cardedit.genkeys.subkeytype",
1471 _("Your selection? "));
1473 if (*answer == CONTROL_D)
1476 err = gpg_error (GPG_ERR_CANCELED);
1479 keyno = *answer? atoi(answer): 0;
1481 if (keyno >= 1 && keyno <= 3)
1483 tty_printf(_("Invalid selection.\n"));
1486 if (replace_existing_key_p (&info, keyno) < 0)
1488 err = gpg_error (GPG_ERR_CANCELED);
1492 err = check_pin_for_key_operation (&info, &forced_chv1);
1496 /* If the cards features changeable key attributes, we ask for the
1498 if (info.is_v2 && info.extcap.aac)
1500 if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)
1505 nbits = ask_card_rsa_keysize (keyno-1, info.key_attr[keyno-1].nbits);
1506 if (nbits && do_change_rsa_keysize (keyno-1, nbits))
1508 /* Error: Better read the default key size again. */
1509 agent_release_card_info (&info);
1510 err = get_info_for_key_operation (&info);
1516 /* Note that INFO has not be synced. However we will only use
1517 the serialnumber and thus it won't harm. */
1520 err = generate_card_subkeypair (pub_keyblock, keyno, info.serialno);
1523 agent_release_card_info (&info);
1524 restore_forced_chv1 (&forced_chv1);
1529 /* Store the key at NODE into the smartcard and modify NODE to
1530 carry the serialno stuff instead of the actual secret key
1531 parameters. USE is the usage for that key; 0 means any
1534 card_store_subkey (KBNODE node, int use)
/* Checks visible in this listing, in order: NODE must hold a public
   key or public subkey packet; the card must report the key import
   capability (info.extcap.ki); a card that is not version 2 only
   accepts 1024 bit keys; the slot choices are derived from USE; and
   on a version 2 card without changeable attributes
   (!info.extcap.aac) the key size must equal the size configured for
   the selected slot.  */
1536 struct agent_card_info_s info;
1545 gnupg_isotime_t timebuf;
1547 log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
1548 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
1550 pk = node->pkt->pkt.public_key;
1552 if (get_info_for_key_operation (&info))
1555 if (!info.extcap.ki)
1557 tty_printf ("The card does not support the import of keys\n");
1562 nbits = nbits_from_pk (pk);
1564 if (!info.is_v2 && nbits != 1024)
1566 tty_printf ("You may only store a 1024 bit RSA key on the card\n");
/* With USE == 0 every slot is allowed; otherwise slot 1 needs a
   signing or certification usage, slot 2 an encryption usage and
   slot 3 a signing or authentication usage.  */
1571 allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT)));
1572 allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
1573 allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
1575 tty_printf (_("Please select where to store the key:\n"));
1578 tty_printf (_(" (1) Signature key\n"));
1580 tty_printf (_(" (2) Encryption key\n"));
1582 tty_printf (_(" (3) Authentication key\n"));
1586 char *answer = cpr_get ("cardedit.genkeys.storekeytype",
1587 _("Your selection? "));
1589 if (*answer == CONTROL_D || !*answer)
1594 keyno = *answer? atoi(answer): 0;
/* The range test comes first in the && chain, so allow_keyno and
   info.key_attr are only indexed with keyno-1 in 0..2.  */
1596 if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
1598 if (info.is_v2 && !info.extcap.aac
1599 && info.key_attr[keyno-1].nbits != nbits)
1601 tty_printf ("Key does not match the card's capability.\n");
1607 tty_printf(_("Invalid selection.\n"));
1610 if ((rc = replace_existing_key_p (&info, keyno)) < 0)
1613 err = hexkeygrip_from_pk (pk, &hexgrip);
1617 epoch2isotime (timebuf, (time_t)pk->timestamp);
/* RC still holds the non-negative result of replace_existing_key_p
   and is passed on as the third argument - presumably the flag that
   allows an existing key to be overwritten; confirm against
   agent_keytocard.  */
1618 rc = agent_keytocard (hexgrip, keyno, rc, info.serialno, timebuf);
1621 log_error (_("KEYTOCARD failed: %s\n"), gpg_strerror (rc));
1627 agent_release_card_info (&info);
1633 /* Direct sending of an hex encoded APDU with error printing. */
/* HEXAPDU is passed to agent_scd_apdu, which also returns the status
   word SW; DESC is used only in the messages.  A NULL HEXAPDU or the
   string "undefined" skips the status word evaluation.  IGNORE set
   to 0xffff accepts every status word.  Otherwise any status word
   other than 0x9000 is mapped to an error code (0x6285, 0x6982 and
   0x6985 have dedicated codes, everything else becomes GPG_ERR_CARD);
   a non-zero IGNORE equal to SW only suppresses the message, the
   error code is still set.  */
1635 send_apdu (const char *hexapdu, const char *desc, unsigned int ignore)
1640 err = agent_scd_apdu (hexapdu, &sw);
1642 tty_printf ("sending card command %s failed: %s\n", desc,
1643 gpg_strerror (err));
1644 else if (!hexapdu || !strcmp (hexapdu, "undefined"))
1646 else if (ignore == 0xffff)
1647 ; /* Ignore all status words. */
1648 else if (sw != 0x9000)
1652 case 0x6285: err = gpg_error (GPG_ERR_OBJ_TERM_STATE); break;
1653 case 0x6982: err = gpg_error (GPG_ERR_BAD_PIN); break;
1654 case 0x6985: err = gpg_error (GPG_ERR_USE_CONDITIONS); break;
1655 default: err = gpg_error (GPG_ERR_CARD);
1657 if (!(ignore && ignore == sw))
1658 tty_printf ("card command %s failed: %s (0x%04x)\n", desc,
1659 gpg_strerror (err), sw);
1665 /* Do a factory reset after confirmation. */
/* What the visible lines establish, in order: the card is learned
   through agent_scd_learn, where an error of GPG_ERR_OBJ_TERM_STATE
   coming from GPG_ERR_SOURCE_SCD is tested separately from other
   errors; a card whose status_indicator is neither 3 nor 5 is
   refused; the user is warned that all keys are destroyed and has to
   pass two confirmations (a yes/no question and a typed "yes");
   after that the card is driven with raw APDUs through send_apdu:
   reset and select, four VERIFY commands each for the references
   0x81 and 0x83 with a fixed value and all status words ignored,
   TERMINATE DF, reset and select again, ACTIVATE DF and a final
   reset.

   Security note: no PIN is asked for anywhere in the visible flow.
   The reset works by using up the retry counters, so the two
   confirmations are the only guard against an unintended wipe, and
   holding the card is sufficient to destroy the keys on it (destroy,
   not read).

   NOTE(review): the gaps in the line numbers hide the error checks
   after most send_apdu calls and the terminators of two comments in
   the body, so the listing is incomplete as shown. */
1667 factory_reset (void)
1669 struct agent_card_info_s info;
1671 char *answer = NULL;
1675 /* The code below basically does the same what this
1676 gpg-connect-agent script does:
1679 scd serialno undefined
1680 scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
1681 scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
1682 scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
1683 scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
1684 scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
1685 scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
1686 scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
1687 scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
1688 scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
1689 scd apdu 00 e6 00 00
1691 scd serialno undefined
1692 scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
1693 scd apdu 00 44 00 00
1694 /echo Card has been reset to factory defaults
1696 but tries to find out something about the card first.
1699 err = agent_scd_learn (&info, 0);
1700 if (gpg_err_code (err) == GPG_ERR_OBJ_TERM_STATE
1701 && gpg_err_source (err) == GPG_ERR_SOURCE_SCD)
1705 log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (err));
1711 log_info (_("OpenPGP card no. %s detected\n"),
1712 info.serialno? info.serialno : "[none]");
1713 if (!(info.status_indicator == 3 || info.status_indicator == 5))
1715 /* Note: We won't see status-indicator 3 here because it is not
1716 possible to select a card application in termination state. */
1717 log_error (_("This command is not supported by this card\n"));
1722 log_info (_("Note: This command destroys all keys stored on the card!\n"));
/* First confirmation: a yes/no question. */
1724 if (!cpr_get_answer_is_yes ("cardedit.factory-reset.proceed",
1725 _("Continue? (y/N) ")))
/* Second confirmation: the word has to be typed out. */
1729 answer = cpr_get ("cardedit.factory-reset.really",
1730 _("Really do a factory reset? (enter \"yes\") "));
1732 trim_spaces (answer);
/* Non-zero means the trimmed answer is not exactly the expected
   word; the branch taken is not visible here. */
1733 if (strcmp (answer, "yes"))
1736 /* We need to select a card application before we can send APDUs
1737 to the card without scdaemon doing anything on its own. */
1738 err = send_apdu (NULL, "RESET", 0);
1741 err = send_apdu ("undefined", "dummy select ", 0);
1745 /* Select the OpenPGP application. */
1746 err = send_apdu ("00A4040006D27600012401", "SELECT AID", 0);
1750 /* Do some dummy verifies with wrong PINs to set the retry
1751 counter to zero. We can't easily use the card version 2.1
1752 feature of presenting the admin PIN to allow the terminate
1753 command because there is no machinery in scdaemon to catch
1754 the verify command and ask for the PIN when the "APDU"
1756 for (i=0; i < 4; i++)
1757 send_apdu ("00200081084040404040404040", "VERIFY", 0xffff);
1758 for (i=0; i < 4; i++)
1759 send_apdu ("00200083084040404040404040", "VERIFY", 0xffff);
1761 /* Send terminate datafile command. */
/* 0x6985 is passed as IGNORE, so send_apdu prints no message for
   that status word while still mapping it to
   GPG_ERR_USE_CONDITIONS. How ERR is evaluated afterwards is not
   visible here. */
1762 err = send_apdu ("00e60000", "TERMINATE DF", 0x6985);
1767 /* The card is in termination state - reset and select again. */
1768 err = send_apdu (NULL, "RESET", 0);
1771 err = send_apdu ("undefined", "dummy select", 0);
1775 /* Select the OpenPGP application. (no error checking here). */
1776 send_apdu ("00A4040006D27600012401", "SELECT AID", 0xffff);
1778 /* Send activate datafile command. This is used without
1779 confirmation if the card is already in termination state. */
1780 err = send_apdu ("00440000", "ACTIVATE DF", 0);
1784 /* Finally we reset the card reader once more. */
1785 err = send_apdu (NULL, "RESET", 0);
1791 agent_release_card_info (&info);
1796 /* Data used by the command parser. This needs to be outside of the
1797 function scope to allow readline based command completion. */
/* Command identifiers. The enclosing declaration and the further
   identifiers used in this file (cmdNOP, cmdINVCMD) are not part of
   the visible lines. */
1801 cmdQUIT, cmdADMIN, cmdHELP, cmdLIST, cmdDEBUG, cmdVERIFY,
1802 cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSEX, cmdCAFPR,
1803 cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO, cmdWRITECERT,
1804 cmdREADCERT, cmdUNBLOCK, cmdFACTORYRESET,
/* Command table. Each row holds the command word, its identifier, a
   0/1 flag and the help text. NOTE(review): the flag is presumably
   the admin_only member that card_edit tests before dispatching; the
   declaration is not part of the visible lines. Rows with a NULL help
   text are not offered by command completion.

   The flag gates the menu only: card_edit also flips allow_admin
   with a bare assignment, without a card operation, so it protects
   against accidents and is not an authorization check.
   NOTE(review): the card is expected to enforce its own PIN checks
   for the operations behind these commands -- confirm in scdaemon. */
1816 { "quit" , cmdQUIT , 0, N_("quit this menu")},
1817 { "q" , cmdQUIT , 0, NULL },
1818 { "admin" , cmdADMIN , 0, N_("show admin commands")},
1819 { "help" , cmdHELP , 0, N_("show this help")},
1820 { "?" , cmdHELP , 0, NULL },
1821 { "list" , cmdLIST , 0, N_("list all available data")},
1822 { "l" , cmdLIST , 0, NULL },
1823 { "debug" , cmdDEBUG , 0, NULL },
1824 { "name" , cmdNAME , 1, N_("change card holder's name")},
1825 { "url" , cmdURL , 1, N_("change URL to retrieve key")},
1826 { "fetch" , cmdFETCH , 0, N_("fetch the key specified in the card URL")},
1827 { "login" , cmdLOGIN , 1, N_("change the login name")},
1828 { "lang" , cmdLANG , 1, N_("change the language preferences")},
1829 { "sex" , cmdSEX , 1, N_("change card holder's sex")},
1830 { "cafpr" , cmdCAFPR , 1, N_("change a CA fingerprint")},
1831 { "forcesig", cmdFORCESIG, 1, N_("toggle the signature force PIN flag")},
1832 { "generate", cmdGENERATE, 1, N_("generate new keys")},
1833 { "passwd" , cmdPASSWD, 0, N_("menu to change or unblock the PIN")},
1834 { "verify" , cmdVERIFY, 0, N_("verify the PIN and list all data")},
1835 { "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code") },
1836 { "factory-reset", cmdFACTORYRESET, 1, N_("destroy all keys and data")},
1837 /* Note, that we do not announce these command yet. */
1838 { "privatedo", cmdPRIVATEDO, 0, NULL },
1839 { "readcert", cmdREADCERT, 0, NULL },
1840 { "writecert", cmdWRITECERT, 1, NULL },
/* The row with a NULL name ends the table; the loops over cmds[] in
   this file stop at it. */
1841 { NULL, cmdINVCMD, 0, NULL }
1845 #ifdef HAVE_LIBREADLINE
1847 /* These two functions are used by readline for command completion. */
/* Generator handed to rl_completion_matches by card_edit_completion.
   TEXT is the word to complete. Each call returns a strdup copy of
   the next command name from cmds[] that starts with TEXT and has a
   help text; readline expects such strings to be heap allocated and
   releases them itself. LIST_INDEX and LEN are static so that the
   scan position survives between calls. The initialisation on a new
   word and the end-of-list return are on lines missing from this
   listing. */
1850 command_generator(const char *text,int state)
1852 static int list_index,len;
1855 /* If this is a new word to complete, initialize now. This includes
1856 saving the length of TEXT for efficiency, and initializing the
1857 index variable to 0. */
1864 /* Return the next partial match */
1865 while((name=cmds[list_index].name))
1867 /* Only complete commands that have help text */
/* The post-increment runs whether or not the row matches, so the
   next call resumes with the row after the one examined here. */
1868 if(cmds[list_index++].desc && strncmp(name,text,len)==0)
1869 return strdup(name);
/* Completion hook that card_edit installs around its prompt through
   tty_enable_completion. It returns the matches that
   rl_completion_matches builds with command_generator; the condition
   on START that selects this path is on a line missing from this
   listing. */
1876 card_edit_completion(const char *text, int start, int end)
1879 /* If we are at the start of a line, we try and command-complete.
1880 If not, just do nothing for now. */
1883 return rl_completion_matches(text,command_generator);
/* A non-zero value tells readline not to fall back to its default
   filename completion. */
1885 rl_attempted_completion_over=1;
1889 #endif /*HAVE_LIBREADLINE*/
1891 /* Menu to edit all user changeable values on an OpenPGP card. Only
1892 Key creation is not handled here. */
/* Command loop of the card menu, as far as the visible lines show
   it. Each round calls card_status with SERIALNOBUF and its size,
   takes one command line (the next entry of COMMANDS, the literal
   "quit", or a line read at the "gpg/card> " prompt; the conditions
   choosing between them are not visible), splits it into a command
   word, ARG_STRING, ARG_NUMBER and ARG_REST, looks the word up in
   cmds[] and dispatches on the command identifier.

   Security relevant points:
   - ALLOW_ADMIN is local menu state. Only the "admin verify" form
     involves the card, through agent_scd_checkpin; the bare toggle
     further down is a plain assignment.
   - ARG_NUMBER comes from atoi and is range checked by the commands
     that use it as a selector: 1..3 for cafpr, 1..4 for privatedo
     and exactly 3 for writecert and readcert.

   NOTE(review): the gaps in the line numbers hide declarations, most
   case labels and the terminator of one comment in the body, so the
   listing is incomplete as shown. */
1894 card_edit (ctrl_t ctrl, strlist_t commands)
1896 enum cmdids cmd = cmdNOP;
1897 int have_commands = !!commands;
1899 char *answer = NULL;
1901 char serialnobuf[50];
1904 if (opt.command_fd != -1)
1906 else if (opt.batch && !have_commands)
1908 log_error(_("can't do this in batch mode\n"));
1915 const char *arg_string = "";
1916 const char *arg_rest = "";
/* card_status receives the buffer together with its element count
   (DIM), so it has the bound it needs for whatever it stores in
   SERIALNOBUF. */
1924 if (opt.with_colons)
1926 card_status (es_stdout, serialnobuf, DIM (serialnobuf));
1931 card_status (NULL, serialnobuf, DIM (serialnobuf));
/* Scripted input: the current entry of COMMANDS is copied and the
   list is advanced. */
1944 answer = xstrdup (commands->d);
1945 commands = commands->next;
1949 answer = xstrdup ("quit");
/* Interactive input: command completion is enabled only while the
   prompt is being read. */
1957 tty_enable_completion (card_edit_completion);
1958 answer = cpr_get_no_help("cardedit.prompt", _("gpg/card> "));
1960 tty_disable_completion ();
1962 trim_spaces(answer);
/* Loop condition: it holds while the trimmed line starts with a
   hash mark. */
1964 while ( *answer == '#' );
1966 arg_number = 0; /* Yes, here is the init which egcc complains about */
1969 cmd = cmdLIST; /* Default to the list command */
1970 else if (*answer == CONTROL_D)
/* The line is split at the first blank into the command word and
   its arguments. */
1974 if ((p=strchr (answer,' ')))
1977 trim_spaces (answer);
/* atoi reports no conversion errors; ARG_NUMBER is therefore only
   trusted after the per-command range checks further down.
   NOTE(review): strtol with an end pointer check would make
   malformed numbers detectable here. */
1979 arg_number = atoi(p);
1982 while (digitp (arg_rest))
1984 while (spacep (arg_rest))
/* Command words are compared case insensitively against cmds[]. */
1988 for (i=0; cmds[i].name; i++ )
1989 if (!ascii_strcasecmp (answer, cmds[i].name ))
1993 cmd_admin_only = cmds[i].admin_only;
/* Menu level gate: a command flagged admin_only is refused while
   ALLOW_ADMIN is clear. */
1996 if (!allow_admin && cmd_admin_only)
1999 tty_printf (_("Admin-only command\n"));
2006 for (i=0; cmds[i].name; i++ )
2008 && (!cmds[i].admin_only || (cmds[i].admin_only && allow_admin)))
2009 tty_printf("%-14s %s\n", cmds[i].name, _(cmds[i].desc) );
/* Forms of the admin command: "on", "off", "verify", and the bare
   toggle at the end of this chain. */
2013 if ( !strcmp (arg_string, "on") )
2015 else if ( !strcmp (arg_string, "off") )
2017 else if ( !strcmp (arg_string, "verify") )
/* The buffer allocated below is sized for SERIALNOBUF plus the six
   characters of "[CHV3]" plus the terminating NUL, which is exactly
   what the stpcpy and strcpy pair writes. ALLOW_ADMIN is set only
   when agent_scd_checkpin returns zero. Whether TMP is released is
   not visible in this listing. */
2019 /* Force verification of the Admin Command. However,
2020 this is only done if the retry counter is at initial
2022 char *tmp = xmalloc (strlen (serialnobuf) + 6 + 1);
2023 strcpy (stpcpy (tmp, serialnobuf), "[CHV3]");
2024 allow_admin = !agent_scd_checkpin (tmp);
2028 allow_admin=!allow_admin;
2030 tty_printf(_("Admin commands are allowed\n"));
2032 tty_printf(_("Admin commands are not allowed\n"));
2036 agent_scd_checkpin (serialnobuf);
2057 change_login (arg_string);
2069 if ( arg_number < 1 || arg_number > 3 )
2070 tty_printf ("usage: cafpr N\n"
2073 change_cafpr (arg_number);
2077 if ( arg_number < 1 || arg_number > 4 )
2078 tty_printf ("usage: privatedo N\n"
2081 change_private_do (arg_string, arg_number);
2085 if ( arg_number != 3 )
2086 tty_printf ("usage: writecert 3 < FILE\n");
2088 change_cert (arg_rest);
2092 if ( arg_number != 3 )
2093 tty_printf ("usage: readcert 3 > FILE\n");
2095 read_cert (arg_rest);
2103 generate_card_keys (ctrl);
2107 change_pin (0, allow_admin);
2111 change_pin (1, allow_admin);
2114 case cmdFACTORYRESET:
2127 tty_printf (_("Invalid command (try \"help\")\n"));
2129 } /* End command switch. */
2130 } /* End of main menu loop. */