diff --git a/openpgp-card-sequoia/src/card.rs b/openpgp-card-sequoia/src/card.rs
index 654406f..bd83c26 100644
--- a/openpgp-card-sequoia/src/card.rs
+++ b/openpgp-card-sequoia/src/card.rs
@@ -430,6 +430,10 @@ impl Admin<'_, '_> {
 self.oc.opt.set_resetting_code(pin)
 }
+ pub fn set_pso_enc_dec_key(&mut self, key: &[u8]) -> Result<(), Error> {
+ self.oc.opt.set_pso_enc_dec_key(key)
+ }
+
 pub fn reset_user_pin(&mut self, new: &[u8]) -> Result<(), Error> {
 self.oc.opt.reset_retry_counter_pw1(new, None)
 }
diff --git a/openpgp-card/src/lib.rs b/openpgp-card/src/lib.rs
index 691a986..9d3fb29 100644
--- a/openpgp-card/src/lib.rs
+++ b/openpgp-card/src/lib.rs
@@ -314,6 +314,7 @@ pub(crate) enum Tags {
 GenerationTimeAuthentication,
 // FIXME: +D1, D2
 ResettingCode,
+ PsoEncDecKey,
 // OTHER
 // 4.4.3.12 Private Key Template
@@ -422,6 +423,7 @@ impl From for ShortTag {
 Tags::GenerationTimeDecryption => [0xcf].into(),
 Tags::GenerationTimeAuthentication => [0xd0].into(),
 Tags::ResettingCode => [0xd3].into(),
+ Tags::PsoEncDecKey => [0xd5].into(),
 // OTHER
 // 4.4.3.12 Private Key Template
diff --git a/openpgp-card/src/openpgp.rs b/openpgp-card/src/openpgp.rs
index bd32121..ca9ae2d 100644
--- a/openpgp-card/src/openpgp.rs
+++ b/openpgp-card/src/openpgp.rs
@@ -801,6 +801,19 @@ impl<'a> OpenPgpTransaction<'a> {
 apdu::send_command(self.tx(), cmd, false)?.try_into()
 }
+ /// Set AES key for symmetric decryption/encryption operations.
+ ///
+ /// Optional DO (announced in Extended Capabilities) for
+ /// PSO:ENC/DEC with AES (32 bytes dec. in case of
+ /// AES256, 16 bytes dec. in case of AES128).
+ pub fn set_pso_enc_dec_key(&mut self, key: &[u8]) -> Result<(), Error> {
+ log::info!("OpenPgpTransaction: set_pso_enc_dec_key");
+
+ let fp_cmd = commands::put_data(Tags::PsoEncDecKey, key.to_vec());
+
+ apdu::send_command(self.tx(), fp_cmd, false)?.try_into()
+ }
+
 // FIXME: optional DO for PSO:ENC/DEC with AES
 /// Set UIF for PSO:CDS
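Review bot: The new public `Admin::set_pso_enc_dec_key` in card.rs has no doc comment, although the transaction-level method it forwards to in openpgp.rs is documented. Because this call writes secret AES key material to the card, callers should be told the expected size at the API they actually use, for example `/// Set the AES key for PSO:ENC/DEC (16 bytes for AES128, 32 bytes for AES256).`. It would also help to state that the data object is optional and only present when the card announces it in Extended Capabilities, as the lower-level doc comment already says.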
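Review bot: `OpenPgpTransaction::set_pso_enc_dec_key` passes `key` to `commands::put_data` without checking its length, even though its own doc comment limits the DO to 16 bytes (AES128) or 32 bytes (AES256), so a wrong-sized slice is rejected only by whatever status the card returns. An early guard on `matches!(key.len(), 16 | 32)` that returns the crate's existing argument error would fail before any key bytes are sent. `key.to_vec()` also creates a second heap copy of the secret, and nothing in this hunk shows it being wiped before it is freed; it is worth confirming how the command buffer is dropped. Two smaller points: `fp_cmd` looks carried over from a fingerprint setter and would read better as `cmd`, and the unchanged `// FIXME: optional DO for PSO:ENC/DEC with AES` line directly below the new method now appears stale.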