From e31d6dcb8e39fb7f4b7fce0d7524c5955d7b7616 Mon Sep 17 00:00:00 2001
From: alex-nitrokey <alex@nitrokey.com>
Date: Tue, 24 Nov 2020 12:48:41 +0100
Subject: [PATCH] Default to 4096 bit for OEM factory reset

---
 initrd/bin/oem-factory-reset | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset
index a78ffed2c..c484ad008 100755
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@@ -20,6 +20,8 @@ ADMIN_PIN_DEF=12345678
 TPM_PASS_DEF=12345678
 CUSTOM_PASS=""
 
+RSA_KEY_LENGTH=4096
+
 GPG_USER_NAME="OEM Key"
 GPG_KEY_NAME=`date +%Y%m%d%H%M%S`
 GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com"
@@ -76,6 +78,25 @@ gpg_key_reset()
     if lsusb | grep -q "20a0:4109" &&  [ -x /bin/hotp_verification ] ; then
         /bin/hotp_verification regenerate ${ADMIN_PIN_DEF}
     fi
+    # Set RSA key length
+    {
+        echo admin
+        echo key-attr
+        echo 1 # RSA
+        echo ${RSA_KEY_LENGTH} #Signing key size set to RSA_KEY_LENGTH
+        echo ${ADMIN_PIN_DEF}
+        echo 1 # RSA
+        echo ${RSA_KEY_LENGTH} #Encryption key size set to RSA_KEY_LENGTH
+        echo ${ADMIN_PIN_DEF}
+        echo 1 # RSA
+        echo ${RSA_KEY_LENGTH} #Authentication key size set to RSA_KEY_LENGTH
+        echo ${ADMIN_PIN_DEF}
+    } | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
+        > /tmp/gpg_card_edit_output 2>/dev/null
+    if [ $? -ne 0 ]; then
+        ERROR=`cat /tmp/gpg_card_edit_output`
+        whiptail_error_die "Setting key attributed to RSA ${RSA_KEY_LENGTH} bits in USB security dongle failed."
+    fi
     # Generate OEM GPG keys
     {
         echo admin