Normalize PIN-Parameters in opgpcard.

"-P" is now always the admin pin file, while "-p" is the user pin file.
This commit is contained in:
Heiko Schaefer 2021-11-06 11:59:10 +01:00
parent 8d31ee80db
commit 9955c9e1be
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
3 changed files with 29 additions and 27 deletions

View file

@ -59,7 +59,7 @@ $ opgpcard status -c ABCD:12345678
```
Add `-v` for more verbose card status, including the list of supported
algorithms of the card:
algorithms of the card (older cards may return no additional information):
```
$ opgpcard status -c ABCD:12345678 -v
```
@ -69,7 +69,7 @@ $ opgpcard status -c ABCD:12345678 -v
Import private key onto a card. This works if at most one (sub)key
per role (sign, decrypt, auth) exists in `key.priv`:
```
$ opgpcard admin -c ABCD:12345678 -p <pin-file> import key.priv
$ opgpcard admin -c ABCD:12345678 -P <admin-pin-file> import key.priv
```
Import private key onto a card while explicitly selecting subkeys.
@ -77,7 +77,7 @@ Explicitly specified fingerprints are necessary if more than one subkey
exists in `key.priv` for any role (note: spaces in fingerprints are
ignored).
```
$ opgpcard admin -c ABCD:12345678 -p <pin-file> import key.priv \
$ opgpcard admin -c ABCD:12345678 -P <admin-pin-file> import key.priv \
--sig-fp "F290 DBBF 21DB 8634 3C96 157B 87BE 15B7 F548 D97C" \
--dec-fp "3C6E 08F6 7613 8935 8B8D 7666 73C7 F1A9 EEDA C360" \
--auth-fp "D6AA 48EF 39A2 6F26 C42D 5BCB AAD2 14D5 5332 C838"
@ -89,19 +89,19 @@ keys will be imported for the other roles.
### Generate Keys on the card
```
$ opgpcard admin -c ABCD:12345678 -p <admin-pin-file> generate --user-pin-file <user-pin-file> -o <output-file> 25519
$ opgpcard admin -c ABCD:12345678 -P <admin-pin-file> generate -p <user-pin-file> -o <output-cert-file> 25519
```
### Set card metadata
Set cardholder name:
```
$ opgpcard admin -c ABCD:12345678 -p <pin-file> name "Bar<<Foo"
$ opgpcard admin -c ABCD:12345678 -P <admin-pin-file> name "Bar<<Foo"
```
Set cardholder URL:
```
$ opgpcard admin -c ABCD:12345678 -p <pin-file> url "https://keyurl.example"
$ opgpcard admin -c ABCD:12345678 -P <admin-pin-file> url "https://keyurl.example"
```
### Signing
@ -110,7 +110,7 @@ For now, this tool only supports creating detached signatures, like this
(if no input file is set, stdin is read):
```
$ opgpcard sign --detached -c ABCD:12345678 -p <pin-file> -s <cert-file> <input-file>
$ opgpcard sign --detached -c ABCD:12345678 -p <user-pin-file> -s <cert-file> <input-file>
```
### Decrypting
@ -118,7 +118,7 @@ $ opgpcard sign --detached -c ABCD:12345678 -p <pin-file> -s <cert-file> <input-
Decryption using a card (if no input file is set, stdin is read):
```
$ opgpcard decrypt -c ABCD:12345678 -p <pin-file> -r <cert-file> <input-file>
$ opgpcard decrypt -c ABCD:12345678 -p <user-pin-file> -r <cert-file> <input-file>
```
### Factory reset
@ -128,6 +128,8 @@ Factory reset:
$ opgpcard factory-reset -c ABCD:12345678
```
NOTE: you do not need a PIN to reset a card
## opgpcard-pin
An interactive tool to set the admin and user PINs, and to reset the user

View file

@ -35,8 +35,8 @@ pub enum Command {
#[structopt(name = "card ident", short = "c", long = "card")]
ident: String,
#[structopt(name = "Admin PIN file", short = "p", long = "pin-file")]
pin_file: PathBuf,
#[structopt(name = "Admin PIN file", short = "P", long = "admin-pin")]
admin_pin: PathBuf,
#[structopt(subcommand)]
cmd: AdminCommand,
@ -45,8 +45,8 @@ pub enum Command {
#[structopt(name = "card ident", short = "c", long = "card")]
ident: String,
#[structopt(name = "User PIN file", short = "p", long = "pin-file")]
pin_file: PathBuf,
#[structopt(name = "User PIN file", short = "p", long = "user-pin")]
user_pin: PathBuf,
#[structopt(
name = "recipient-cert-file",
@ -62,8 +62,8 @@ pub enum Command {
#[structopt(name = "card ident", short = "c", long = "card")]
ident: String,
#[structopt(name = "user pin file", short = "p", long = "pin-file")]
pin_file: PathBuf,
#[structopt(name = "User PIN file", short = "p", long = "user-pin")]
user_pin: PathBuf,
#[structopt(name = "detached", short = "d", long = "detached")]
detached: bool,
@ -121,8 +121,8 @@ pub enum AdminCommand {
/// A signing key is always created, decryption and authentication keys
/// are optional.
Generate {
#[structopt(name = "User PIN file", long = "user-pin-file")]
user_pin_file: PathBuf,
#[structopt(name = "User PIN file", short = "p", long = "user-pin")]
user_pin: PathBuf,
#[structopt(
about = "Output file (stdout if unset)",

View file

@ -36,15 +36,15 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
}
cli::Command::Decrypt {
ident,
pin_file,
user_pin,
cert_file,
input,
} => {
decrypt(&ident, &pin_file, &cert_file, input.as_deref())?;
decrypt(&ident, &user_pin, &cert_file, input.as_deref())?;
}
cli::Command::Sign {
ident,
pin_file,
user_pin,
cert_file,
detached,
input,
@ -52,7 +52,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
if detached {
sign_detached(
&ident,
&pin_file,
&user_pin,
&cert_file,
input.as_deref(),
)?;
@ -68,7 +68,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
}
cli::Command::Admin {
ident,
pin_file,
admin_pin,
cmd,
} => {
let mut card = util::open_card(&ident)?.into();
@ -76,12 +76,12 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
match cmd {
cli::AdminCommand::Name { name } => {
let mut admin = util::get_admin(&mut open, &pin_file)?;
let mut admin = util::get_admin(&mut open, &admin_pin)?;
let _ = admin.set_name(&name)?;
}
cli::AdminCommand::Url { url } => {
let mut admin = util::get_admin(&mut open, &pin_file)?;
let mut admin = util::get_admin(&mut open, &admin_pin)?;
let _ = admin.set_url(&url)?;
}
@ -91,7 +91,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
dec_fp,
auth_fp,
} => {
let admin = util::get_admin(&mut open, &pin_file)?;
let admin = util::get_admin(&mut open, &admin_pin)?;
let key = Cert::from_file(keyfile)?;
if (&sig_fp, &dec_fp, &auth_fp) == (&None, &None, &None) {
@ -106,14 +106,14 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
}
}
cli::AdminCommand::Generate {
user_pin_file,
user_pin,
output,
no_decrypt,
no_auth,
algo,
} => {
let pw3 = util::get_pin(&pin_file)?;
let pw1 = util::get_pin(&user_pin_file)?;
let pw3 = util::get_pin(&admin_pin)?;
let pw1 = util::get_pin(&user_pin)?;
generate_keys(
open,