From 71f6c98ed5df9317e0b898e688b6273984245989 Mon Sep 17 00:00:00 2001
From: Nora Widdecke
Date: Thu, 27 Oct 2022 13:22:49 +0200
Subject: [PATCH 1/2] opgpcard: Prevent losing the generated cert.
- opgpcard admin generate by default prints the corresponding certificate to stdout, where it's easy for a careless user to lose it.
- Make the --output argument mandatory, so the certificate is always stored in a file.
---
 tools/src/bin/opgpcard/commands/admin.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/src/bin/opgpcard/commands/admin.rs b/tools/src/bin/opgpcard/commands/admin.rs
index 4cbd347..56e6bd9 100644
--- a/tools/src/bin/opgpcard/commands/admin.rs
+++ b/tools/src/bin/opgpcard/commands/admin.rs
@@ -86,9 +86,9 @@ pub struct AdminGenerateCommand {
 #[clap(name = "User PIN file", short = 'p', long = "user-pin")]
 user_pin: Option,
- /// Output file (stdout if unset)
+ /// Output file
 #[clap(name = "output", long = "output", short = 'o')]
- output_file: Option,
+ output_file: PathBuf,
 #[clap(long = "no-decrypt", action = clap::ArgAction::SetFalse)]
 decrypt: bool,
@@ -484,8 +484,8 @@ fn generate_command(
 let armored = String::from_utf8(cert.armored().to_vec()?)?;
 output.public_key(armored);
- // Write armored certificate to the output file (or stdout)
- let mut handle = util::open_or_stdout(cmd.output_file.as_deref())?;
+ // Write armored certificate to the output file
+ let mut handle = util::open_or_stdout(Some(&cmd.output_file))?;
 handle.write_all(output.print(output_format, output_version)?.as_bytes())?;
 let _ = handle.write(b"\n")?;
From 4c5a166d2bdc7b0e8bc45838b1bd764d6b397efe Mon Sep 17 00:00:00 2001
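Review bot: The help text `/// Output file` on `output_file` no longer says what ends up in that file, and with the option now mandatory it is the only description the user gets. Something like `/// Output file for the generated certificate` would cover it, and if an existing file at that path is overwritten (not visible from this hunk) the help text should say so. The struct continues outside the hunk.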
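Review bot: The output file is still opened only at this point, after the certificate has been built (`cert.armored()` a few lines above), so a mistyped or unwritable `--output` path fails once the card has presumably already generated its new keys, and the certificate is lost in exactly the way this commit sets out to prevent. Moving `let mut handle = util::open_or_stdout(Some(&cmd.output_file))?;` to the top of `generate_command`, before any key generation, and keeping the handle for the later write would turn that into an early, harmless error. The unchanged `let _ = handle.write(b"\n")?;` can also return after a short write; `handle.write_all(b"\n")?;` matches the line above it. `generate_command` starts and ends outside the hunk.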
From: Nora Widdecke
Date: Thu, 27 Oct 2022 15:08:18 +0200
Subject: [PATCH 2/2] opgpcard: Remove ident line from output.
- The certificate generated by admin generate is written to a file, prefixed with a line containing the card identifier. That means the file is not immediately usable as a pgp certificate.
- Remove the identifier line.
---
 tools/src/bin/opgpcard/output/generate.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tools/src/bin/opgpcard/output/generate.rs b/tools/src/bin/opgpcard/output/generate.rs
index 33c3282..cc92843 100644
--- a/tools/src/bin/opgpcard/output/generate.rs
+++ b/tools/src/bin/opgpcard/output/generate.rs
@@ -27,10 +27,8 @@ impl AdminGenerate {
 }
 fn text(&self) -> Result {
- Ok(format!(
- "OpenPGP card {}\n\n{}\n",
- self.ident, self.public_key,
- ))
+ // Do not print ident, as the file with the public_key must not contain anything else
+ Ok(self.public_key.to_string())
 }
 fn v1(&self) -> Result {
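Review bot: With `text()` returning only `self.public_key.to_string()`, the text format no longer records which card the certificate belongs to. Unless `generate_command` reports the ident somewhere else (not visible here), an operator provisioning several cards cannot match a file to a card. Keeping the file clean is right, so the ident would better go to stderr from the caller, as a line such as `OpenPGP card <ident>`, rather than back into this string. The new inline comment states a contract of the function and would read better as a doc comment on `text()`: `/// Text output is the bare armored certificate, so the file is directly usable; the card ident is deliberately omitted.` The `impl AdminGenerate` block starts and ends outside the hunk.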