mirror of
https://github.com/linuxboot/heads.git
Merge pull request #906 from Nitrokey/gpg-default-keylength
Default to 4096 bit for OEM factory reset (fixes #831)
commit
014e59210d
@ -20,6 +20,8 @@ ADMIN_PIN_DEF=12345678
|
|||||||
TPM_PASS_DEF=12345678
|
TPM_PASS_DEF=12345678
|
||||||
CUSTOM_PASS=""
|
CUSTOM_PASS=""
|
||||||
|
|
||||||
|
RSA_KEY_LENGTH=4096
|
||||||
|
|
||||||
GPG_USER_NAME="OEM Key"
|
GPG_USER_NAME="OEM Key"
|
||||||
GPG_KEY_NAME=`date +%Y%m%d%H%M%S`
|
GPG_KEY_NAME=`date +%Y%m%d%H%M%S`
|
||||||
GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com"
|
GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com"
|
||||||
@ -76,6 +78,25 @@ gpg_key_reset()
|
|||||||
if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ] ; then
|
if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ] ; then
|
||||||
/bin/hotp_verification regenerate ${ADMIN_PIN_DEF}
|
/bin/hotp_verification regenerate ${ADMIN_PIN_DEF}
|
||||||
fi
|
fi
|
||||||
|
# Set RSA key length
|
||||||
|
{
|
||||||
|
echo admin
|
||||||
|
echo key-attr
|
||||||
|
echo 1 # RSA
|
||||||
|
echo ${RSA_KEY_LENGTH} #Signing key size set to RSA_KEY_LENGTH
|
||||||
|
echo ${ADMIN_PIN_DEF}
|
||||||
|
echo 1 # RSA
|
||||||
|
echo ${RSA_KEY_LENGTH} #Encryption key size set to RSA_KEY_LENGTH
|
||||||
|
echo ${ADMIN_PIN_DEF}
|
||||||
|
echo 1 # RSA
|
||||||
|
echo ${RSA_KEY_LENGTH} #Authentication key size set to RSA_KEY_LENGTH
|
||||||
|
echo ${ADMIN_PIN_DEF}
|
||||||
|
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
|
||||||
|
> /tmp/gpg_card_edit_output 2>/dev/null
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
ERROR=`cat /tmp/gpg_card_edit_output`
|
||||||
|
whiptail_error_die "Setting key attributed to RSA ${RSA_KEY_LENGTH} bits in USB security dongle failed."
|
||||||
|
fi
|
||||||
# Generate OEM GPG keys
|
# Generate OEM GPG keys
|
||||||
{
|
{
|
||||||
echo admin
|
echo admin
|
||||||
|
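Review bot: The only check that the key-attr change took effect is gpg's exit status at `if [ $? -ne 0 ]`, and gpg's stderr is discarded by `2>/dev/null`. If gpg exits 0 even when the dongle rejects or ignores `${RSA_KEY_LENGTH}`-bit attributes (not verifiable from this hunk), key generation would continue at the card's previous key size with no error shown. Reading the attributes back before generating keys, for instance checking the `Key attributes` line of `gpg --card-status` for `rsa${RSA_KEY_LENGTH}`, would make the 4096-bit default something the script enforces rather than only requests. `ERROR` is filled from /tmp/gpg_card_edit_output but is not passed in the visible `whiptail_error_die` call; unless that helper reads the global, end the message with `failed.\n\n$ERROR"` and capture stderr with `2>&1`, and "attributed" in the message should read "attributes". gpg_key_reset starts before this hunk and continues after it.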