Merge pull request from Nitrokey/gpg-default-keylength

Default to 4096 bit for OEM factory reset (fixes )
tlaurion 2020-12-02 18:20:39 -05:00 committed by GitHub
commit 014e59210d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -20,6 +20,8 @@ ADMIN_PIN_DEF=12345678
TPM_PASS_DEF=12345678 TPM_PASS_DEF=12345678
CUSTOM_PASS="" CUSTOM_PASS=""
RSA_KEY_LENGTH=4096
GPG_USER_NAME="OEM Key" GPG_USER_NAME="OEM Key"
GPG_KEY_NAME=`date +%Y%m%d%H%M%S` GPG_KEY_NAME=`date +%Y%m%d%H%M%S`
GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com" GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com"
@ -76,6 +78,25 @@ gpg_key_reset()
if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ] ; then if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ] ; then
/bin/hotp_verification regenerate ${ADMIN_PIN_DEF} /bin/hotp_verification regenerate ${ADMIN_PIN_DEF}
fi fi
# Set RSA key length
{
echo admin
echo key-attr
echo 1 # RSA
echo ${RSA_KEY_LENGTH} #Signing key size set to RSA_KEY_LENGTH
echo ${ADMIN_PIN_DEF}
echo 1 # RSA
echo ${RSA_KEY_LENGTH} #Encryption key size set to RSA_KEY_LENGTH
echo ${ADMIN_PIN_DEF}
echo 1 # RSA
echo ${RSA_KEY_LENGTH} #Authentication key size set to RSA_KEY_LENGTH
echo ${ADMIN_PIN_DEF}
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null
if [ $? -ne 0 ]; then
ERROR=`cat /tmp/gpg_card_edit_output`
whiptail_error_die "Setting key attributed to RSA ${RSA_KEY_LENGTH} bits in USB security dongle failed."
fi
# Generate OEM GPG keys # Generate OEM GPG keys
{ {
echo admin echo admin
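Review bot: The `[ $? -ne 0 ]` test after the new key-attr block only sees gpg's exit status, and stderr is thrown away with `2>/dev/null`, so a rejected `key-attr` prompt could pass unnoticed and the OEM keys generated next would silently keep the card's previous key size. gpg's card-edit mode may return 0 even when a sub-command is refused; this is worth confirming on the gpg build shipped in the image. Before key generation, consider confirming the result as well, for example by checking that `gpg --card-status` reports `rsa${RSA_KEY_LENGTH}` for all three slots and calling `whiptail_error_die` otherwise. The error text also has a typo and should read `"Setting key attributes to RSA ${RSA_KEY_LENGTH} bits in USB security dongle failed."`. The body of gpg_key_reset starts and continues outside this hunk.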