Print PublicKeyMaterial for "status --verbose".

Heiko Schaefer 2021-11-16 19:19:29 +01:00
parent e695e8171a
commit a24db398b6
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
2 changed files with 50 additions and 23 deletions

@ -30,52 +30,56 @@ Afterwards, you can install this crate by running:
$ cargo install openpgp-card-tools $ cargo install openpgp-card-tools
``` ```
Finally, add `$HOME/.cargo/bin` to your PATH to be able to run the Finally, add `$HOME/.cargo/bin` to your PATH to be able to run the installed
installed binaries. binaries.
## opgpcard ## opgpcard
A tool to inspect, configure and use OpenPGP cards. All calls of this tool A tool to inspect, configure and use OpenPGP cards. All calls of this tool are
are non-interactive (this tool is designed to be easily usable from non-interactive (this tool is designed to be easily usable from shell-scripts)
shell-scripts). .
### List and inspect cards ### List and inspect cards
List idents of all currently connected cards: List idents of all currently connected cards:
``` ```
$ opgpcard list $ opgpcard list
``` ```
Print status information about a card. The card is implicitly selected. Print status information about a card. The card is implicitly selected.
However, this only works if exactly one card is connected: However, this only works if exactly one card is connected:
``` ```
$ opgpcard status $ opgpcard status
``` ```
Explicitly print the status information for a specific card: Explicitly print the status information for a specific card:
``` ```
$ opgpcard status -c ABCD:01234567 $ opgpcard status -c ABCD:01234567
``` ```
Add `-v` for more verbose card status, including the list of supported Add `-v` for more verbose card status (including the list of supported
algorithms of the card (older cards may return no additional information): algorithms of the card, if the card returns that list):
``` ```
$ opgpcard status -c ABCD:01234567 -v $ opgpcard status -c ABCD:01234567 -v
``` ```
### Import keys ### Import keys
Import private key onto a card. This works if at most one (sub)key Import private key onto a card. This works if at most one (sub)key per role (
per role (sign, decrypt, auth) exists in `key.priv`: sign, decrypt, auth) exists in `key.priv`:
``` ```
$ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> import key.priv $ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> import key.priv
``` ```
Import private key onto a card while explicitly selecting subkeys. Import private key onto a card while explicitly selecting subkeys. Explicitly
Explicitly specified fingerprints are necessary if more than one subkey specified fingerprints are necessary if more than one subkey exists
exists in `key.priv` for any role (note: spaces in fingerprints are in `key.priv` for any role (note: spaces in fingerprints are ignored).
ignored).
``` ```
$ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> import key.priv \ $ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> import key.priv \
--sig-fp "F290 DBBF 21DB 8634 3C96 157B 87BE 15B7 F548 D97C" \ --sig-fp "F290 DBBF 21DB 8634 3C96 157B 87BE 15B7 F548 D97C" \
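Review bot: The rewrapped `-v` paragraph under "List and inspect cards" still describes only the list of supported algorithms, although this commit makes `status --verbose` also print the public key material for each key slot; the README should say so. The reflow in this hunk also leaves a stray `.` on its own line after "shell-scripts)" and splits "per role (" from "sign, decrypt, auth)", which renders as "( sign"; rewrap those two paragraphs by hand. Since most of this hunk is whitespace-only rewrapping, it would be easier to review as a separate commit from the functional change.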
@ -83,8 +87,8 @@ $ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> import key.priv \
--auth-fp "D6AA 48EF 39A2 6F26 C42D 5BCB AAD2 14D5 5332 C838" --auth-fp "D6AA 48EF 39A2 6F26 C42D 5BCB AAD2 14D5 5332 C838"
``` ```
When fingerprints are only specified for a subset of the roles, no When fingerprints are only specified for a subset of the roles, no keys will
keys will be imported for the other roles. be imported for the other roles.
### Generate Keys on the card ### Generate Keys on the card
@ -95,11 +99,13 @@ $ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> generate -p <user-pin-file
### Set card metadata ### Set card metadata
Set cardholder name: Set cardholder name:
``` ```
$ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> name "Bar<<Foo" $ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> name "Bar<<Foo"
``` ```
Set cardholder URL: Set cardholder URL:
``` ```
$ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> url "https://keyurl.example" $ opgpcard admin -c ABCD:01234567 -P <admin-pin-file> url "https://keyurl.example"
``` ```
@ -124,6 +130,7 @@ $ opgpcard decrypt -c ABCD:01234567 -p <user-pin-file> -r <cert-file> <input-fil
### Factory reset ### Factory reset
Factory reset: Factory reset:
``` ```
$ opgpcard factory-reset -c ABCD:01234567 $ opgpcard factory-reset -c ABCD:01234567
``` ```
@ -133,8 +140,8 @@ NOTE: you do not need a PIN to reset a card!
### Using file-descriptors for PINs ### Using file-descriptors for PINs
When using a shell like When using a shell like
[bash](https://www.gnu.org/software/bash/manual/html_node/Redirections.html#Here-Strings), [bash](https://www.gnu.org/software/bash/manual/html_node/Redirections.html#Here-Strings)
you can pass user and/or admin PINs via file-descriptors: , you can pass user and/or admin PINs via file-descriptors:
``` ```
$ opgpcard sign --detached -c ABCD:01234567 -p /dev/fd/3 -s <cert-file> 3<<<123456 $ opgpcard sign --detached -c ABCD:01234567 -p /dev/fd/3 -s <cert-file> 3<<<123456
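Review bot: The rewrap under "Using file-descriptors for PINs" moves the comma to the start of the line after the bash link (`, you can pass user and/or admin PINs ...`), which renders as "bash , you can pass". Keep the comma attached to the closing parenthesis of the link, as it was before the change.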
@ -146,30 +153,35 @@ $ opgpcard admin -c ABCD:01234567 -P /dev/fd/3 generate -p /dev/fd/4 -o <output-
## opgpcard-pin ## opgpcard-pin
An interactive tool to set the admin and user PINs, and to reset the user An interactive tool to set the admin and user PINs, and to reset the user PIN
PIN on OpenPGP cards. on OpenPGP cards.
Set the user PIN (requires admin PIN): Set the user PIN (requires admin PIN):
``` ```
opgpcard-pin -c ABCD:01234567 set-user-pin opgpcard-pin -c ABCD:01234567 set-user-pin
``` ```
Set new admin PIN (requires admin PIN): Set new admin PIN (requires admin PIN):
``` ```
opgpcard-pin -c ABCD:01234567 set-admin-pin opgpcard-pin -c ABCD:01234567 set-admin-pin
``` ```
Reset user PIN after it has been blocked (requires admin PIN): Reset user PIN after it has been blocked (requires admin PIN):
``` ```
opgpcard-pin -c ABCD:01234567 reset-user-pin -a opgpcard-pin -c ABCD:01234567 reset-user-pin -a
``` ```
Set resetting code (requires admin PIN): Set resetting code (requires admin PIN):
``` ```
opgpcard-pin -c ABCD:01234567 set-reset-code opgpcard-pin -c ABCD:01234567 set-reset-code
``` ```
Reset user PIN (requires resetting code): Reset user PIN (requires resetting code):
``` ```
opgpcard-pin -c ABCD:01234567 reset-user-pin opgpcard-pin -c ABCD:01234567 reset-user-pin
``` ```

@ -218,6 +218,11 @@ fn print_status(ident: Option<String>, verbose: bool) -> Result<()> {
if let Some(kgt) = kgt.signature() { if let Some(kgt) = kgt.signature() {
println! {" created: {}",kgt.formatted()}; println! {" created: {}",kgt.formatted()};
} }
if verbose {
if let Ok(pkm) = open.get_pub_key(KeyType::Signing) {
println! {" public key material: {}", pkm};
}
}
println!(); println!();
println!( println!(
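Review bot: In the new `if verbose` block, `if let Ok(pkm) = open.get_pub_key(KeyType::Signing)` discards the `Err` case silently, so verbose output gives no hint whether the key material is simply unavailable or the read from the card failed. Since this path only runs when the user asked for more detail, consider a `match` that prints the error (or a short "not available" line) in the `Err` arm instead of printing nothing.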
@ -230,6 +235,11 @@ fn print_status(ident: Option<String>, verbose: bool) -> Result<()> {
if let Some(kgt) = kgt.decryption() { if let Some(kgt) = kgt.decryption() {
println! {" created: {}",kgt.formatted()}; println! {" created: {}",kgt.formatted()};
} }
if verbose {
if let Ok(pkm) = open.get_pub_key(KeyType::Decryption) {
println! {" public key material: {}", pkm};
}
}
println!(); println!();
println!( println!(
@ -242,6 +252,11 @@ fn print_status(ident: Option<String>, verbose: bool) -> Result<()> {
if let Some(kgt) = kgt.authentication() { if let Some(kgt) = kgt.authentication() {
println! {" created: {}",kgt.formatted()}; println! {" created: {}",kgt.formatted()};
} }
if verbose {
if let Ok(pkm) = open.get_pub_key(KeyType::Authentication) {
println! {" public key material: {}", pkm};
}
}
// technical details about the card and its state // technical details about the card and its state
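Review bot: This is the third copy of the same five-line `if verbose { if let Ok(pkm) = open.get_pub_key(...) { ... } }` block in `print_status`, differing only in the `KeyType` variant (Signing, Decryption, Authentication). Factoring it into a small helper that takes the `KeyType` would keep the three sections consistent and give one place to change the output format or the error handling later.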