From 0694e084e4fc06cf688e59f246fbbff51bacfbff Mon Sep 17 00:00:00 2001
From: Heiko Schaefer <heiko@schaefer.name>
Date: Tue, 24 May 2022 18:33:46 +0200
Subject: [PATCH] Add comment about verifying the admin PIN before attempting a
 PIN-change (and a link to a yubico developer blog article detailing a
 potential pitfall of *not* doing that check)

---
 tools/src/bin/opgpcard/main.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/src/bin/opgpcard/main.rs b/tools/src/bin/opgpcard/main.rs
index 5903cd4..ad95bba 100644
--- a/tools/src/bin/opgpcard/main.rs
+++ b/tools/src/bin/opgpcard/main.rs
@@ -286,6 +286,9 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 
                         // verify pin
                         open.verify_admin(&admin_pin1)?;
+                        // (Verifying the PIN here fixes this class of problems:
+                        // https://developers.yubico.com/PGP/PGP_PIN_Change_Behavior.html
+                        // It is also just generally more user friendly than failing later)
                         println!("PIN was accepted by the card.\n");
 
                         let pin_new = match admin_pin_new {