Print PublicKeyMaterial for "status --verbose".
This commit is contained in:
Heiko Schaefer
parent
e695e8171a
commit
a24db398b6
2 changed files with 50 additions and 23 deletions
|
|
@ -5,12 +5,12 @@ SPDX-License-Identifier: MIT OR Apache-2.0
|
|||
|
||||
# OpenPGP card tools
|
||||
|
||||
This crate contains two tools for inspecting, configuring and using OpenPGP
|
||||
This crate contains two tools for inspecting, configuring and using OpenPGP
|
||||
cards: `opgpcard` and `opgpcard-pin`.
|
||||
|
||||
# Install
|
||||
|
||||
One easy way to install this crate is via the "cargo" tool.
|
||||
One easy way to install this crate is via the "cargo" tool.
|
||||
|
||||
The following build dependencies are needed for current Debian:
|
||||
|
||||
|
|
@ -30,52 +30,56 @@ Afterwards, you can install this crate by running:
|
|||
$ cargo install openpgp-card-tools
|
||||
```
|
||||
|
||||
Finally, add `$HOME/.cargo/bin` to your PATH to be able to run the
|
||||
installed binaries.
|
||||
|
||||
Finally, add `$HOME/.cargo/bin` to your PATH to be able to run the installed
|
||||
binaries.
|
||||
|
||||
## opgpcard
|
||||
|
||||
A tool to inspect, configure and use OpenPGP cards. All calls of this tool
|
||||
are non-interactive (this tool is designed to be easily usable from
|
||||
shell-scripts).
|
||||
A tool to inspect, configure and use OpenPGP cards. All calls of this tool are
|
||||
non-interactive (this tool is designed to be easily usable from shell-scripts)
|
||||
.
|
||||
|
||||
### List and inspect cards
|
||||
|
||||
List idents of all currently connected cards:
|
||||
|
||||
```
|
||||
$ opgpcard list
|
||||
```
|
||||
|
||||
Print status information about a card. The card is implicitly selected.
|
||||
Print status information about a card. The card is implicitly selected.
|
||||
However, this only works if exactly one card is connected:
|
||||
|
||||
```
|
||||
$ opgpcard status
|
||||
```
|
||||
|
||||
Explicitly print the status information for a specific card:
|
||||
|
||||
```
|
||||
$ opgpcard status -c ABCD:01234567
|
||||
```
|
||||
|
||||
Add `-v` for more verbose card status, including the list of supported
|
||||
algorithms of the card (older cards may return no additional information):
|
||||
Add `-v` for more verbose card status (including the list of supported
|
||||
algorithms of the card, if the card returns that list):
|
||||
|
||||
```
|
||||
$ opgpcard status -c ABCD:01234567 -v
|
||||
```
|
||||
|
||||
### Import keys
|
||||
|
||||
Import private key onto a card. This works if at most one (sub)key
|
||||
per role (sign, decrypt, auth) exists in `key.priv`:
|
||||
Import private key onto a card. This works if at most one (sub)key per role (
|
||||
sign, decrypt, auth) exists in `key.priv`:
|
||||
|
||||
```
|
||||
$ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> import key.priv
|
||||
```
|
||||
|
||||
Import private key onto a card while explicitly selecting subkeys.
|
||||
Explicitly specified fingerprints are necessary if more than one subkey
|
||||
exists in `key.priv` for any role (note: spaces in fingerprints are
|
||||
ignored).
|
||||
Import private key onto a card while explicitly selecting subkeys. Explicitly
|
||||
specified fingerprints are necessary if more than one subkey exists
|
||||
in `key.priv` for any role (note: spaces in fingerprints are ignored).
|
||||
|
||||
```
|
||||
$ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> import key.priv \
|
||||
--sig-fp "F290 DBBF 21DB 8634 3C96 157B 87BE 15B7 F548 D97C" \
|
||||
|
|
@ -83,8 +87,8 @@ $ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> import key.priv \
|
|||
--auth-fp "D6AA 48EF 39A2 6F26 C42D 5BCB AAD2 14D5 5332 C838"
|
||||
```
|
||||
|
||||
When fingerprints are only specified for a subset of the roles, no
|
||||
keys will be imported for the other roles.
|
||||
When fingerprints are only specified for a subset of the roles, no keys will
|
||||
be imported for the other roles.
|
||||
|
||||
### Generate Keys on the card
|
||||
|
||||
|
|
@ -95,11 +99,13 @@ $ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> generate -p <user-pin-file
|
|||
### Set card metadata
|
||||
|
||||
Set cardholder name:
|
||||
|
||||
```
|
||||
$ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> name "Bar<<Foo"
|
||||
```
|
||||
|
||||
Set cardholder URL:
|
||||
|
||||
```
|
||||
$ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> url "https://keyurl.example"
|
||||
```
|
||||
|
|
@ -124,6 +130,7 @@ $ opgpcard decrypt -c ABCD:01234567 -p <user-pin-file> -r <cert-file> <input-fil
|
|||
### Factory reset
|
||||
|
||||
Factory reset:
|
||||
|
||||
```
|
||||
$ opgpcard factory-reset -c ABCD:01234567
|
||||
```
|
||||
|
|
@ -133,8 +140,8 @@ NOTE: you do not need a PIN to reset a card!
|
|||
### Using file-descriptors for PINs
|
||||
|
||||
When using a shell like
|
||||
[bash](https://www.gnu.org/software/bash/manual/html_node/Redirections.html#Here-Strings),
|
||||
you can pass user and/or admin PINs via file-descriptors:
|
||||
[bash](https://www.gnu.org/software/bash/manual/html_node/Redirections.html#Here-Strings)
|
||||
, you can pass user and/or admin PINs via file-descriptors:
|
||||
|
||||
```
|
||||
$ opgpcard sign --detached -c ABCD:01234567 -p /dev/fd/3 -s <cert-file> 3<<<123456
|
||||
|
|
@ -146,30 +153,35 @@ $ opgpcard admin -c ABCD:01234567 -P /dev/fd/3 generate -p /dev/fd/4 -o <output-
|
|||
|
||||
## opgpcard-pin
|
||||
|
||||
An interactive tool to set the admin and user PINs, and to reset the user
|
||||
PIN on OpenPGP cards.
|
||||
An interactive tool to set the admin and user PINs, and to reset the user PIN
|
||||
on OpenPGP cards.
|
||||
|
||||
Set the user PIN (requires admin PIN):
|
||||
|
||||
```
|
||||
opgpcard-pin -c ABCD:01234567 set-user-pin
|
||||
```
|
||||
|
||||
Set new admin PIN (requires admin PIN):
|
||||
|
||||
```
|
||||
opgpcard-pin -c ABCD:01234567 set-admin-pin
|
||||
```
|
||||
|
||||
Reset user PIN after it has been blocked (requires admin PIN):
|
||||
|
||||
```
|
||||
opgpcard-pin -c ABCD:01234567 reset-user-pin -a
|
||||
```
|
||||
|
||||
Set resetting code (requires admin PIN):
|
||||
|
||||
```
|
||||
opgpcard-pin -c ABCD:01234567 set-reset-code
|
||||
```
|
||||
|
||||
Reset user PIN (requires resetting code):
|
||||
|
||||
```
|
||||
opgpcard-pin -c ABCD:01234567 reset-user-pin
|
||||
```
|
||||
|
|
|
|||
|
|
@ -218,6 +218,11 @@ fn print_status(ident: Option<String>, verbose: bool) -> Result<()> {
|
|||
if let Some(kgt) = kgt.signature() {
|
||||
println! {" created: {}",kgt.formatted()};
|
||||
}
|
||||
if verbose {
|
||||
if let Ok(pkm) = open.get_pub_key(KeyType::Signing) {
|
||||
println! {" public key material: {}", pkm};
|
||||
}
|
||||
}
|
||||
|
||||
println!();
|
||||
println!(
|
||||
|
|
@ -230,6 +235,11 @@ fn print_status(ident: Option<String>, verbose: bool) -> Result<()> {
|
|||
if let Some(kgt) = kgt.decryption() {
|
||||
println! {" created: {}",kgt.formatted()};
|
||||
}
|
||||
if verbose {
|
||||
if let Ok(pkm) = open.get_pub_key(KeyType::Decryption) {
|
||||
println! {" public key material: {}", pkm};
|
||||
}
|
||||
}
|
||||
|
||||
println!();
|
||||
println!(
|
||||
|
|
@ -242,6 +252,11 @@ fn print_status(ident: Option<String>, verbose: bool) -> Result<()> {
|
|||
if let Some(kgt) = kgt.authentication() {
|
||||
println! {" created: {}",kgt.formatted()};
|
||||
}
|
||||
if verbose {
|
||||
if let Ok(pkm) = open.get_pub_key(KeyType::Authentication) {
|
||||
println! {" public key material: {}", pkm};
|
||||
}
|
||||
}
|
||||
|
||||
// technical details about the card and its state
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue