diff --git a/tools/README.md b/tools/README.md index f2caf9e..80b31ff 100644 --- a/tools/README.md +++ b/tools/README.md @@ -59,7 +59,7 @@ $ opgpcard status -c ABCD:12345678 ``` Add `-v` for more verbose card status, including the list of supported -algorithms of the card: +algorithms of the card (older cards may return no additional information): ``` $ opgpcard status -c ABCD:12345678 -v ``` @@ -69,7 +69,7 @@ $ opgpcard status -c ABCD:12345678 -v Import private key onto a card. This works if at most one (sub)key per role (sign, decrypt, auth) exists in `key.priv`: ``` -$ opgpcard admin -c ABCD:12345678 -p import key.priv +$ opgpcard admin -c ABCD:12345678 -P import key.priv ``` Import private key onto a card while explicitly selecting subkeys. @@ -77,7 +77,7 @@ Explicitly specified fingerprints are necessary if more than one subkey exists in `key.priv` for any role (note: spaces in fingerprints are ignored). ``` -$ opgpcard admin -c ABCD:12345678 -p import key.priv \ +$ opgpcard admin -c ABCD:12345678 -P import key.priv \ --sig-fp "F290 DBBF 21DB 8634 3C96 157B 87BE 15B7 F548 D97C" \ --dec-fp "3C6E 08F6 7613 8935 8B8D 7666 73C7 F1A9 EEDA C360" \ --auth-fp "D6AA 48EF 39A2 6F26 C42D 5BCB AAD2 14D5 5332 C838" @@ -89,19 +89,19 @@ keys will be imported for the other roles. ### Generate Keys on the card ``` -$ opgpcard admin -c ABCD:12345678 -p generate --user-pin-file -o 25519 +$ opgpcard admin -c ABCD:12345678 -P generate -p -o 25519 ``` ### Set card metadata Set cardholder name: ``` -$ opgpcard admin -c ABCD:12345678 -p name "Bar< name "Bar< url "https://keyurl.example" +$ opgpcard admin -c ABCD:12345678 -P url "https://keyurl.example" ``` ### Signing @@ -110,7 +110,7 @@ For now, this tool only supports creating detached signatures, like this (if no input file is set, stdin is read): ``` -$ opgpcard sign --detached -c ABCD:12345678 -p -s +$ opgpcard sign --detached -c ABCD:12345678 -p -s ``` ### Decrypting 
@@ -118,7 +118,7 @@ $ opgpcard sign --detached -c ABCD:12345678 -p -s -r +$ opgpcard decrypt -c ABCD:12345678 -p -r ``` ### Factory reset @@ -128,6 +128,8 @@ Factory reset: $ opgpcard factory-reset -c ABCD:12345678 ``` +NOTE: you do not need a PIN to reset a card + ## opgpcard-pin An interactive tool to set the admin and user PINs, and to reset the user diff --git a/tools/src/bin/opgpcard/cli.rs b/tools/src/bin/opgpcard/cli.rs index 92c48fc..09d7862 100644 --- a/tools/src/bin/opgpcard/cli.rs +++ b/tools/src/bin/opgpcard/cli.rs @@ -35,8 +35,8 @@ pub enum Command { #[structopt(name = "card ident", short = "c", long = "card")] ident: String, - #[structopt(name = "Admin PIN file", short = "p", long = "pin-file")] - pin_file: PathBuf, + #[structopt(name = "Admin PIN file", short = "P", long = "admin-pin")] + admin_pin: PathBuf, #[structopt(subcommand)] cmd: AdminCommand, @@ -45,8 +45,8 @@ pub enum Command { #[structopt(name = "card ident", short = "c", long = "card")] ident: String, - #[structopt(name = "User PIN file", short = "p", long = "pin-file")] - pin_file: PathBuf, + #[structopt(name = "User PIN file", short = "p", long = "user-pin")] + user_pin: PathBuf, #[structopt( name = "recipient-cert-file", @@ -62,8 +62,8 @@ pub enum Command { #[structopt(name = "card ident", short = "c", long = "card")] ident: String, - #[structopt(name = "user pin file", short = "p", long = "pin-file")] - pin_file: PathBuf, + #[structopt(name = "User PIN file", short = "p", long = "user-pin")] + user_pin: PathBuf, #[structopt(name = "detached", short = "d", long = "detached")] detached: bool, @@ -121,8 +121,8 @@ pub enum AdminCommand { /// A signing key is always created, decryption and authentication keys /// are optional. Generate { - #[structopt(name = "User PIN file", long = "user-pin-file")] - user_pin_file: PathBuf, + #[structopt(name = "User PIN file", short = "p", long = "user-pin")] + user_pin: PathBuf, #[structopt( about = "Output file (stdout if unset)", 
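Review bot: The new long names `--admin-pin` and `--user-pin` (first in `Command::Admin`) read as if they take the PIN itself, while the fields are still `PathBuf` and the help names still say "Admin PIN file" / "User PIN file". A user who follows the flag name and types the PIN there leaves it in shell history and the process list, and the tool would presumably just fail to open a file of that name. I would keep the suffix, e.g. `long = "admin-pin-file"` and `long = "user-pin-file"`, or at least add a doc comment such as `/// Path to a file holding the Admin PIN; the PIN itself is never given on the command line`. The same applies to the `Decrypt`, `Sign` and `Generate` hunks in this file, and to the `admin_pin` / `user_pin` bindings in main.rs, which hold paths rather than PINs.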
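Review bot: In `AdminCommand::Generate`, the new `short = "p"` for the User PIN file sits under an `admin` command whose Admin PIN file is now `-P`, so the two inputs of `admin -P … generate -p …` differ only by letter case. Swapping them would present the wrong PIN to the card, and on OpenPGP cards a failed verification normally consumes one try from that PIN's retry counter, so a repeated typo can block the admin PIN. Consider leaving this option long-only (drop `short = "p"` here), or state the pairing in the doc comment above `Generate`, e.g. `/// -P (on "admin") is the Admin PIN file, -p (here) is the User PIN file`. The `Generate` variant continues beyond this hunk.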
diff --git a/tools/src/bin/opgpcard/main.rs b/tools/src/bin/opgpcard/main.rs index b583082..4bf37e2 100644 --- a/tools/src/bin/opgpcard/main.rs +++ b/tools/src/bin/opgpcard/main.rs @@ -36,15 +36,15 @@ fn main() -> Result<(), Box> { } cli::Command::Decrypt { ident, - pin_file, + user_pin, cert_file, input, } => { - decrypt(&ident, &pin_file, &cert_file, input.as_deref())?; + decrypt(&ident, &user_pin, &cert_file, input.as_deref())?; } cli::Command::Sign { ident, - pin_file, + user_pin, cert_file, detached, input, @@ -52,7 +52,7 @@ fn main() -> Result<(), Box> { if detached { sign_detached( &ident, - &pin_file, + &user_pin, &cert_file, input.as_deref(), )?; @@ -68,7 +68,7 @@ fn main() -> Result<(), Box> { } cli::Command::Admin { ident, - pin_file, + admin_pin, cmd, } => { let mut card = util::open_card(&ident)?.into(); @@ -76,12 +76,12 @@ fn main() -> Result<(), Box> { match cmd { cli::AdminCommand::Name { name } => { - let mut admin = util::get_admin(&mut open, &pin_file)?; + let mut admin = util::get_admin(&mut open, &admin_pin)?; let _ = admin.set_name(&name)?; } cli::AdminCommand::Url { url } => { - let mut admin = util::get_admin(&mut open, &pin_file)?; + let mut admin = util::get_admin(&mut open, &admin_pin)?; let _ = admin.set_url(&url)?; } @@ -91,7 +91,7 @@ fn main() -> Result<(), Box> { dec_fp, auth_fp, } => { - let admin = util::get_admin(&mut open, &pin_file)?; + let admin = util::get_admin(&mut open, &admin_pin)?; let key = Cert::from_file(keyfile)?; if (&sig_fp, &dec_fp, &auth_fp) == (&None, &None, &None) { @@ -106,14 +106,14 @@ fn main() -> Result<(), Box> { } } cli::AdminCommand::Generate { - user_pin_file, + user_pin, output, no_decrypt, no_auth, algo, } => { - let pw3 = util::get_pin(&pin_file)?; - let pw1 = util::get_pin(&user_pin_file)?; + let pw3 = util::get_pin(&admin_pin)?; + let pw1 = util::get_pin(&user_pin)?; generate_keys( open,