|
@@ -5,6 +5,8 @@ import cryptography.hazmat.primitives.serialization
|
|
|
import cryptography.x509
|
|
|
import math
|
|
|
|
|
|
+DEFAULT_SMARTCARD_APP_ID_HEX = 'D2760001240102010001234567890000'
|
|
|
+
|
|
|
|
|
|
def convert_to_sexp(data):
|
|
|
if isinstance(data, int):
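Review bot: `DEFAULT_SMARTCARD_APP_ID_HEX` is added without a comment saying what the 32 hex digits encode or that the value is specific to one card. I would put a comment above it such as `# OpenPGP card AID (16 bytes, hex): RID D276000124, app 01, version 0201, manufacturer 0001, serial 23456789, RFU 0000`, followed by `# sample value; the real AID is card-specific`. The serial field looks like a sample rather than a real token, so the comment should make clear it will not match a user's own card.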
|
|
@@ -20,10 +22,8 @@ def convert_to_sexp(data):
|
|
|
return b'(' + b''.join(convert_to_sexp(i) for i in data) + b')'
|
|
|
|
|
|
|
|
|
-def create_gpg_key():
|
|
|
+def create_gpg_key(smartcard_app_id_hex):
|
|
|
backend = cryptography.hazmat.backends.default_backend()
|
|
|
- with open('smartcard-app-id.hex', 'r') as f:
|
|
|
- appid = int(f.read(), 16)
|
|
|
with open('cert-request.pem', 'rb') as f:
|
|
|
req = cryptography.x509.load_pem_x509_csr(f.read(), backend)
|
|
|
assert req.is_signature_valid
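Review bot: The CSR signature check at the end of this hunk is an `assert`, which Python strips when run with `-O`, so an invalid or tampered request would then be accepted without any error. The line predates this commit, but since the function is being changed it is worth replacing with `if not req.is_signature_valid: raise ValueError('cert-request.pem: invalid CSR signature')`. The new `smartcard_app_id_hex` parameter is also undocumented; a one-line docstring saying it is the card's application ID as 32 hex digits would help. The body of create_gpg_key continues past this hunk.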
|
|
@@ -32,7 +32,7 @@ def create_gpg_key():
|
|
|
'rsa',
|
|
|
['n', pubnums.n],
|
|
|
['e', pubnums.e],
|
|
|
- ['shadowed', 't1-v1', [appid, 'OPENPGP.1']],
|
|
|
+ ['shadowed', 't1-v1', [int(smartcard_app_id_hex, 16), 'OPENPGP.1']],
|
|
|
]]
|
|
|
key = convert_to_sexp(key_data)
|
|
|
with open('gpg-key.sexp', 'wb') as f:
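Review bot: `int(smartcard_app_id_hex, 16)` on the new `shadowed` line accepts far more than an application ID: a leading `-`, a `0x` prefix, underscores, surrounding whitespace and any length all parse. The value now comes from the command line, and a malformed one is only caught (or silently encoded) after the CSR has been read. I would check it before use, for example `if not re.fullmatch(r'[0-9A-Fa-f]{32}', smartcard_app_id_hex): raise ValueError('smartcard app id must be 32 hex digits')` (needs `import re`), or do the same in an argparse `type=` callable. Going through `int` would also drop leading zero bytes if convert_to_sexp sizes its output from the integer's magnitude, which is not visible in this hunk. The enclosing function starts and ends outside the hunk.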
|
|
@@ -45,6 +45,13 @@ def _init_argparser():
|
|
|
description='create a shadowed-private-key in sexp format for gnupg\'s private-keys-v1.d folder'
|
|
|
+ ' containing the public key of a PEM-encoded X.509 certificate signing request (CSR)',
|
|
|
)
|
|
|
+ argparser.add_argument(
|
|
|
+ '--smartcard-app-id',
|
|
|
+ dest='smartcard_app_id_hex',
|
|
|
+ metavar='hex-string',
|
|
|
+ default=DEFAULT_SMARTCARD_APP_ID_HEX,
|
|
|
+ help='default: %(default)s',
|
|
|
+ )
|
|
|
return argparser
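Review bot: The help text for `--smartcard-app-id` is only `default: %(default)s`, so `--help` never says what the option is or what format it expects. Something like `help='OpenPGP card application ID as 32 hex digits, as shown by gpg --card-status (default: %(default)s)'` would cover it. Because the option is optional, running without it writes a key stub that refers to the built-in sample ID rather than the user's card, which gpg-agent will presumably not match to the inserted token. Consider `required=True` instead of a default, or a warning on stderr when the default is used.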
|
|
|
|
|
|
|