Normalize PIN-Parameters in opgpcard.

"-P" is now always the admin pin file, while "-p" is the user pin file.
2021-11-06 11:59:10 +01:00 · 2021-11-06 11:59:10 +01:00 · 9955c9e1be
commit 9955c9e1be
parent 8d31ee80db
3 changed files with 29 additions and 27 deletions
--- a/tools/README.md
+++ b/tools/README.md
@ -59,7 +59,7 @@ $ opgpcard status -c ABCD:12345678
 ```

 Add `-v` for more verbose card status, including the list of supported
-algorithms of the card:
+algorithms of the card (older cards may return no additional information):
 ```
 $ opgpcard status -c ABCD:12345678 -v
 ```
@ -69,7 +69,7 @@ $ opgpcard status -c ABCD:12345678 -v
 Import private key onto a card. This works if at most one (sub)key
 per role (sign, decrypt, auth) exists in `key.priv`:
 ```
-$ opgpcard admin -c ABCD:12345678 -p <pin-file> import key.priv
+$ opgpcard admin -c ABCD:12345678 -P <admin-pin-file> import key.priv
 ```

 Import private key onto a card while explicitly selecting subkeys.
@ -77,7 +77,7 @@ Explicitly specified fingerprints are necessary if more than one subkey
 exists in `key.priv` for any role (note: spaces in fingerprints are 
 ignored).
 ```
-$ opgpcard admin -c ABCD:12345678 -p <pin-file> import key.priv \
+$ opgpcard admin -c ABCD:12345678 -P <admin-pin-file> import key.priv \
 --sig-fp "F290 DBBF 21DB 8634 3C96  157B 87BE 15B7 F548 D97C" \
 --dec-fp "3C6E 08F6 7613 8935 8B8D  7666 73C7 F1A9 EEDA C360" \
 --auth-fp "D6AA 48EF 39A2 6F26 C42D  5BCB AAD2 14D5 5332 C838"
@ -89,19 +89,19 @@ keys will be imported for the other roles.
 ### Generate Keys on the card

 ```
-$ opgpcard admin -c ABCD:12345678 -p <admin-pin-file> generate --user-pin-file <user-pin-file> -o <output-file> 25519
+$ opgpcard admin -c ABCD:12345678 -P <admin-pin-file> generate -p <user-pin-file> -o <output-cert-file> 25519
 ```

 ### Set card metadata

 Set cardholder name:
 ```
-$ opgpcard admin -c ABCD:12345678 -p <pin-file> name "Bar<<Foo"
+$ opgpcard admin -c ABCD:12345678 -P <admin-pin-file> name "Bar<<Foo"
 ```

 Set cardholder URL:
 ```
-$ opgpcard admin -c ABCD:12345678 -p <pin-file> url "https://keyurl.example"
+$ opgpcard admin -c ABCD:12345678 -P <admin-pin-file> url "https://keyurl.example"
 ```

 ### Signing
@ -110,7 +110,7 @@ For now, this tool only supports creating detached signatures, like this
 (if no input file is set, stdin is read):

 ```
-$ opgpcard sign --detached -c ABCD:12345678 -p <pin-file> -s <cert-file> <input-file>
+$ opgpcard sign --detached -c ABCD:12345678 -p <user-pin-file> -s <cert-file> <input-file>
 ```

 ### Decrypting
@ -118,7 +118,7 @@ $ opgpcard sign --detached -c ABCD:12345678 -p <pin-file> -s <cert-file> <input-
 Decryption using a card (if no input file is set, stdin is read):

 ```
-$ opgpcard decrypt -c ABCD:12345678 -p <pin-file> -r <cert-file> <input-file>
+$ opgpcard decrypt -c ABCD:12345678 -p <user-pin-file> -r <cert-file> <input-file>
 ```

 ### Factory reset
@ -128,6 +128,8 @@ Factory reset:
 $ opgpcard factory-reset -c ABCD:12345678
 ```

+NOTE: you do not need a PIN to reset a card
+
 ## opgpcard-pin

 An interactive tool to set the admin and user PINs, and to reset the user 
--- a/tools/src/bin/opgpcard/cli.rs
+++ b/tools/src/bin/opgpcard/cli.rs
@ -35,8 +35,8 @@ pub enum Command {
        #[structopt(name = "card ident", short = "c", long = "card")]
        ident: String,

-        #[structopt(name = "Admin PIN file", short = "p", long = "pin-file")]
-        pin_file: PathBuf,
+        #[structopt(name = "Admin PIN file", short = "P", long = "admin-pin")]
+        admin_pin: PathBuf,

        #[structopt(subcommand)]
        cmd: AdminCommand,
@ -45,8 +45,8 @@ pub enum Command {
        #[structopt(name = "card ident", short = "c", long = "card")]
        ident: String,

-        #[structopt(name = "User PIN file", short = "p", long = "pin-file")]
-        pin_file: PathBuf,
+        #[structopt(name = "User PIN file", short = "p", long = "user-pin")]
+        user_pin: PathBuf,

        #[structopt(
            name = "recipient-cert-file",
@ -62,8 +62,8 @@ pub enum Command {
        #[structopt(name = "card ident", short = "c", long = "card")]
        ident: String,

-        #[structopt(name = "user pin file", short = "p", long = "pin-file")]
-        pin_file: PathBuf,
+        #[structopt(name = "User PIN file", short = "p", long = "user-pin")]
+        user_pin: PathBuf,

        #[structopt(name = "detached", short = "d", long = "detached")]
        detached: bool,
@ -121,8 +121,8 @@ pub enum AdminCommand {
    /// A signing key is always created, decryption and authentication keys
    /// are optional.
    Generate {
-        #[structopt(name = "User PIN file", long = "user-pin-file")]
-        user_pin_file: PathBuf,
+        #[structopt(name = "User PIN file", short = "p", long = "user-pin")]
+        user_pin: PathBuf,

        #[structopt(
            about = "Output file (stdout if unset)",
--- a/tools/src/bin/opgpcard/main.rs
+++ b/tools/src/bin/opgpcard/main.rs
@ -36,15 +36,15 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
        }
        cli::Command::Decrypt {
            ident,
-            pin_file,
+            user_pin,
            cert_file,
            input,
        } => {
-            decrypt(&ident, &pin_file, &cert_file, input.as_deref())?;
+            decrypt(&ident, &user_pin, &cert_file, input.as_deref())?;
        }
        cli::Command::Sign {
            ident,
-            pin_file,
+            user_pin,
            cert_file,
            detached,
            input,
@ -52,7 +52,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
            if detached {
                sign_detached(
                    &ident,
-                    &pin_file,
+                    &user_pin,
                    &cert_file,
                    input.as_deref(),
                )?;
@ -68,7 +68,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
        }
        cli::Command::Admin {
            ident,
-            pin_file,
+            admin_pin,
            cmd,
        } => {
            let mut card = util::open_card(&ident)?.into();
@ -76,12 +76,12 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {

            match cmd {
                cli::AdminCommand::Name { name } => {
-                    let mut admin = util::get_admin(&mut open, &pin_file)?;
+                    let mut admin = util::get_admin(&mut open, &admin_pin)?;

                    let _ = admin.set_name(&name)?;
                }
                cli::AdminCommand::Url { url } => {
-                    let mut admin = util::get_admin(&mut open, &pin_file)?;
+                    let mut admin = util::get_admin(&mut open, &admin_pin)?;

                    let _ = admin.set_url(&url)?;
                }
@ -91,7 +91,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
                    dec_fp,
                    auth_fp,
                } => {
-                    let admin = util::get_admin(&mut open, &pin_file)?;
+                    let admin = util::get_admin(&mut open, &admin_pin)?;
                    let key = Cert::from_file(keyfile)?;

                    if (&sig_fp, &dec_fp, &auth_fp) == (&None, &None, &None) {
@ -106,14 +106,14 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
                    }
                }
                cli::AdminCommand::Generate {
-                    user_pin_file,
+                    user_pin,
                    output,
                    no_decrypt,
                    no_auth,
                    algo,
                } => {
-                    let pw3 = util::get_pin(&pin_file)?;
-                    let pw1 = util::get_pin(&user_pin_file)?;
+                    let pw3 = util::get_pin(&admin_pin)?;
+                    let pw1 = util::get_pin(&user_pin)?;

                    generate_keys(
                        open,