Don't require a certificate for signing or decryption (use the public key material from the card instead).
parent
6e630254fa
commit
b614716c0b
3 changed files with 8 additions and 23 deletions
|
@ -453,13 +453,13 @@ For now, this tool only supports creating detached signatures, like this
|
|||
(if no input file is set, stdin is read):
|
||||
|
||||
```
|
||||
$ opgpcard sign --detached -c ABCD:01234567 -p <user-pin-file> -s <cert-file> <input-file>
|
||||
$ opgpcard sign --detached -c ABCD:01234567 -p <user-pin-file> <input-file>
|
||||
```
|
||||
|
||||
or interactively
|
||||
|
||||
```
|
||||
$ opgpcard sign --detached -c ABCD:01234567 -s <cert-file> <input-file>
|
||||
$ opgpcard sign --detached -c ABCD:01234567 <input-file>
|
||||
```
|
||||
|
||||
### Decrypting
|
||||
|
@ -467,13 +467,13 @@ $ opgpcard sign --detached -c ABCD:01234567 -s <cert-file> <input-file>
|
|||
Decryption using a card (if no input file is set, stdin is read):
|
||||
|
||||
```
|
||||
$ opgpcard decrypt -c ABCD:01234567 -p <user-pin-file> -r <cert-file> <input-file>
|
||||
$ opgpcard decrypt -c ABCD:01234567 -p <user-pin-file> <input-file>
|
||||
```
|
||||
|
||||
or interactively
|
||||
|
||||
```
|
||||
$ opgpcard decrypt -c ABCD:01234567 -r <cert-file> <input-file>
|
||||
$ opgpcard decrypt -c ABCD:01234567 <input-file>
|
||||
```
|
||||
|
||||
### PIN management
|
||||
|
|
|
@ -85,9 +85,6 @@ pub enum Command {
|
|||
#[clap(name = "User PIN file", short = 'p', long = "user-pin")]
|
||||
user_pin: Option<PathBuf>,
|
||||
|
||||
#[clap(name = "recipient-cert-file", short = 'r', long = "recipient-cert")]
|
||||
cert_file: PathBuf,
|
||||
|
||||
/// Input file (stdin if unset)
|
||||
#[clap(name = "input")]
|
||||
input: Option<PathBuf>,
|
||||
|
@ -105,9 +102,6 @@ pub enum Command {
|
|||
#[clap(name = "detached", short = 'd', long = "detached")]
|
||||
detached: bool,
|
||||
|
||||
#[clap(name = "signer-cert-file", short = 's', long = "signer-cert")]
|
||||
cert_file: PathBuf,
|
||||
|
||||
/// Input file (stdin if unset)
|
||||
#[clap(name = "input")]
|
||||
input: Option<PathBuf>,
|
||||
|
|
|
@ -62,20 +62,18 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
|
|||
cli::Command::Decrypt {
|
||||
ident,
|
||||
user_pin,
|
||||
cert_file,
|
||||
input,
|
||||
} => {
|
||||
decrypt(&ident, user_pin, &cert_file, input.as_deref())?;
|
||||
decrypt(&ident, user_pin, input.as_deref())?;
|
||||
}
|
||||
cli::Command::Sign {
|
||||
ident,
|
||||
user_pin,
|
||||
cert_file,
|
||||
detached,
|
||||
input,
|
||||
} => {
|
||||
if detached {
|
||||
sign_detached(&ident, user_pin, &cert_file, input.as_deref())?;
|
||||
sign_detached(&ident, user_pin, input.as_deref())?;
|
||||
} else {
|
||||
return Err(
|
||||
anyhow::anyhow!("Only detached signatures are supported for now").into(),
|
||||
|
@ -878,11 +876,9 @@ fn print_pubkey(ident: Option<String>, user_pin: Option<PathBuf>) -> Result<()>
|
|||
fn decrypt(
|
||||
ident: &str,
|
||||
pin_file: Option<PathBuf>,
|
||||
cert_file: &Path,
|
||||
input: Option<&Path>,
|
||||
) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let p = StandardPolicy::new();
|
||||
let cert = Cert::from_file(cert_file)?;
|
||||
|
||||
let input = util::open_or_stdin(input)?;
|
||||
|
||||
|
@ -894,9 +890,7 @@ fn decrypt(
|
|||
let user_pin = util::get_pin(&mut open, pin_file, ENTER_USER_PIN);
|
||||
|
||||
let mut user = util::verify_to_user(&mut open, user_pin.as_deref())?;
|
||||
let d = user.decryptor(&cert, &|| {
|
||||
println!("Touch confirmation needed for decryption")
|
||||
})?;
|
||||
let d = user.decryptor(&|| println!("Touch confirmation needed for decryption"))?;
|
||||
|
||||
let db = DecryptorBuilder::from_reader(input)?;
|
||||
let mut decryptor = db.with_policy(&p, None, d)?;
|
||||
|
@ -909,11 +903,8 @@ fn decrypt(
|
|||
fn sign_detached(
|
||||
ident: &str,
|
||||
pin_file: Option<PathBuf>,
|
||||
cert_file: &Path,
|
||||
input: Option<&Path>,
|
||||
) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let cert = Cert::from_file(cert_file)?;
|
||||
|
||||
let mut input = util::open_or_stdin(input)?;
|
||||
|
||||
let mut card = util::open_card(ident)?;
|
||||
|
@ -924,7 +915,7 @@ fn sign_detached(
|
|||
let user_pin = util::get_pin(&mut open, pin_file, ENTER_USER_PIN);
|
||||
|
||||
let mut sign = util::verify_to_sign(&mut open, user_pin.as_deref())?;
|
||||
let s = sign.signer(&cert, &|| println!("Touch confirmation needed for signing"))?;
|
||||
let s = sign.signer(&|| println!("Touch confirmation needed for signing"))?;
|
||||
|
||||
let message = Armorer::new(Message::new(std::io::stdout())).build()?;
|
||||
let mut signer = Signer::new(message, s).detached().build()?;
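Review bot: In `sign_detached`, `sign.signer(&|| …)` now takes its key only from the card, so this path no longer has a certificate against which expiry, revocation or key flags could be checked. The same holds for `user.decryptor(&|| …)` in `decrypt`, where the remaining `StandardPolicy` is passed only to `with_policy`. Whether the old `signer(&cert, …)` and `decryptor(&cert, …)` enforced any of that is not visible in this diff, so this is a point to confirm rather than a proven regression. At minimum, record the trust assumption at both call sites, e.g. `// Key material is taken from the card as-is; without a certificate no expiry/revocation check happens here.` A later option would be an optional certificate argument for callers who want the card key checked against a known cert. Both function bodies continue outside the hunks shown.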
|
||||
|
|