From e31d6dcb8e39fb7f4b7fce0d7524c5955d7b7616 Mon Sep 17 00:00:00 2001
From: alex-nitrokey
Date: Tue, 24 Nov 2020 12:48:41 +0100
Subject: [PATCH] Default to 4096 bit for OEM factory reset
---
 initrd/bin/oem-factory-reset | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset
index a78ffed2..c484ad00 100755
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@@ -20,6 +20,8 @@ ADMIN_PIN_DEF=12345678
 TPM_PASS_DEF=12345678
 CUSTOM_PASS=""
+RSA_KEY_LENGTH=4096
+
 GPG_USER_NAME="OEM Key"
 GPG_KEY_NAME=`date +%Y%m%d%H%M%S`
 GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com"
@@ -76,6 +78,25 @@ gpg_key_reset()
 if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ] ; then
 /bin/hotp_verification regenerate ${ADMIN_PIN_DEF}
 fi
+ # Set RSA key length
+ {
+ echo admin
+ echo key-attr
+ echo 1 # RSA
+ echo ${RSA_KEY_LENGTH} #Signing key size set to RSA_KEY_LENGTH
+ echo ${ADMIN_PIN_DEF}
+ echo 1 # RSA
+ echo ${RSA_KEY_LENGTH} #Encryption key size set to RSA_KEY_LENGTH
+ echo ${ADMIN_PIN_DEF}
+ echo 1 # RSA
+ echo ${RSA_KEY_LENGTH} #Authentication key size set to RSA_KEY_LENGTH
+ echo ${ADMIN_PIN_DEF}
+ } | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \ > /tmp/gpg_card_edit_output 2>/dev/null
+ if [ $? -ne 0 ]; then
+ ERROR=`cat /tmp/gpg_card_edit_output`
+ whiptail_error_die "Setting key attributed to RSA ${RSA_KEY_LENGTH} bits in USB security dongle failed."
+ fi
 # Generate OEM GPG keys
 {
 echo admin
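Review bot: The failure branch of the new key-attr block in gpg_key_reset() discards the diagnostic it then tries to report: gpg's stderr is sent to `2>/dev/null`, so `/tmp/gpg_card_edit_output` holds only `--status-fd` lines, and the captured `ERROR` value is not passed to `whiptail_error_die` (unless that helper reads the global, which is not visible in this hunk). I would redirect stderr into the capture file, `> /tmp/gpg_card_edit_output 2>&1`, and fix the message, which also carries a typo: `whiptail_error_die "Setting key attributes to RSA ${RSA_KEY_LENGTH} bits in USB security dongle failed."`. Note too that gpg's exit status is the only gate here; as far as I can tell an interactive `--card-edit` session driven over `--command-fd` does not necessarily exit non-zero when one of the three key-attr prompts is rejected (e.g. a size the inserted card does not support), so the key generation that follows could silently proceed with a smaller key than intended — worth checking the captured status output for a failure marker before continuing, against the gpg version shipped in the initrd. The function gpg_key_reset() begins before this hunk and continues past its last line.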