Use select_data() in AttCommand::Show

Heiko Schaefer 2022-05-24 12:19:24 +02:00
parent 22c29262d3
commit 26f1af2bd3
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D


@ -119,28 +119,34 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
let mut pgp = OpenPgp::new(&mut *card); let mut pgp = OpenPgp::new(&mut *card);
let mut open = Open::new(pgp.transaction()?)?; let mut open = Open::new(pgp.transaction()?)?;
// Load cardholder certificate from card. // Get cardholder certificate from card.
// FIXME/Note: SELECT_DATA seemed to not work as expected on YK5, let mut select_data_workaround = false;
let cert = match key.as_str() { // Use "select data" workaround if the card reports a
"AUT" => open.cardholder_certificate()?, // yk firmware version number >= 5 and <= 5.4.3
"DEC" => { if let Ok(version) = open.firmware_version() {
// skip first cardholder certificate if version.len() == 3
let _ = open.cardholder_certificate()?; && version[0] == 5
open.next_cardholder_certificate()? && (version[1] < 4 || (version[1] == 4 && version[2] <= 3))
} {
"SIG" => { select_data_workaround = true;
// skip first two cardholder certificates
let _ = open.cardholder_certificate()?;
let _ = open.next_cardholder_certificate()?;
open.next_cardholder_certificate()?
} }
}
// Select cardholder certificate
match key.as_str() {
"AUT" => open.select_data(0, &[0x7F, 0x21], select_data_workaround)?,
"DEC" => open.select_data(1, &[0x7F, 0x21], select_data_workaround)?,
"SIG" => open.select_data(2, &[0x7F, 0x21], select_data_workaround)?,
_ => { _ => {
return Err(anyhow!("Unexpected Key Type {}", key).into()); return Err(anyhow!("Unexpected Key Type {}", key).into());
} }
}; };
// Get DO "cardholder certificate" (returns the slot that was previously selected)
let cert = open.cardholder_certificate()?;
if !cert.is_empty() { if !cert.is_empty() {
let pem = util::pem_encode(cert); let pem = util::pem_encode(cert);
println!("{}", pem); println!("{}", pem);