OpenPGP owns CardBackend (instead of holding a &mut CardBackend).

When OpenPgp holds a &mut CardBackend, clients of this library need to keep track of the CardBackend (which adds unnecessary complexity).

card-functionality/src/list-cards.rs

@@ -10,8 +10,8 @@ use openpgp_card_sequoia::card::Open;
 fn main() -> Result<()> {
     println!("The following OpenPGP cards are connected to your system:");
 
-    for mut card in PcscBackend::cards(None)? {
+    for card in PcscBackend::cards(None)? {
-        let mut pgp = OpenPgp::new(&mut card);
+        let mut pgp = OpenPgp::new(Box::new(card));
         let open = Open::new(pgp.transaction()?)?;
         println!(" {}", open.application_identifier()?.ident());
     }

card-functionality/src/tests.rs

@@ -15,7 +15,7 @@ use sequoia_openpgp::Cert;
 
 use openpgp_card::algorithm::AlgoSimple;
 use openpgp_card::card_do::{KeyGenerationTime, Sex};
-use openpgp_card::{CardBackend, Error, KeyType, OpenPgp, OpenPgpTransaction, StatusBytes};
+use openpgp_card::{Error, KeyType, OpenPgp, OpenPgpTransaction, StatusBytes};
 use openpgp_card_sequoia::card::Open;
 use openpgp_card_sequoia::util::{
     make_cert, public_key_material_and_fp_to_key, public_key_material_to_key,
@@ -52,11 +52,7 @@ pub enum TestError {
 }
 
 /// Run after each "upload keys", if key *was* uploaded (?)
-pub fn test_decrypt(
+pub fn test_decrypt(pgp: &mut OpenPgp, param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     assert_eq!(
@@ -85,11 +81,7 @@ pub fn test_decrypt(
 }
 
 /// Run after each "upload keys", if key *was* uploaded (?)
-pub fn test_sign(
+pub fn test_sign(pgp: &mut OpenPgp, param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     assert_eq!(param.len(), 1, "test_sign needs a filename for 'cert'");
@@ -156,11 +148,7 @@ fn check_key_upload_algo_attrs() -> Result<()> {
     Ok(())
 }
 
-pub fn test_print_caps(
+pub fn test_print_caps(pgp: &mut OpenPgp, _param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    _param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     let ard = pgpt.application_related_data()?;
@@ -180,11 +168,7 @@ pub fn test_print_caps(
     Ok(vec![])
 }
 
-pub fn test_print_algo_info(
+pub fn test_print_algo_info(pgp: &mut OpenPgp, _param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    _param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     let ard = pgpt.application_related_data()?;
@@ -202,11 +186,7 @@ pub fn test_print_algo_info(
     Ok(vec![])
 }
 
-pub fn test_upload_keys(
+pub fn test_upload_keys(pgp: &mut OpenPgp, param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     assert_eq!(
@@ -233,11 +213,7 @@ pub fn test_upload_keys(
 }
 
 /// Generate keys for each of the three KeyTypes
-pub fn test_keygen(
+pub fn test_keygen(pgp: &mut OpenPgp, param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let pgpt = pgp.transaction()?;
 
     let mut open = Open::new(pgpt)?;
@@ -286,11 +262,7 @@ pub fn test_keygen(
 }
 
 /// Construct public key based on data from the card
-pub fn test_get_pub(
+pub fn test_get_pub(pgp: &mut OpenPgp, _param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    _param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     let ard = pgpt.application_related_data()?;
@@ -335,11 +307,7 @@ pub fn test_get_pub(
     Ok(vec![])
 }
 
-pub fn test_reset(
+pub fn test_reset(pgp: &mut OpenPgp, _param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    _param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     pgpt.factory_reset()?;
@@ -351,11 +319,7 @@ pub fn test_reset(
 ///
 /// Returns an empty TestOutput, throws errors for unexpected Status codes
 /// and for unequal field values.
-pub fn test_set_user_data(
+pub fn test_set_user_data(pgp: &mut OpenPgp, _param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    _param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     pgpt.verify_pw3(b"12345678")?;
@@ -388,11 +352,7 @@ pub fn test_set_user_data(
     Ok(vec![])
 }
 
-pub fn test_private_data(
+pub fn test_private_data(pgp: &mut OpenPgp, _param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    _param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     let out = vec![];
@@ -484,11 +444,7 @@ pub fn test_private_data(
 //     Ok(out)
 // }
 
-pub fn test_pw_status(
+pub fn test_pw_status(pgp: &mut OpenPgp, _param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    _param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     let out = vec![];
@@ -515,11 +471,7 @@ pub fn test_pw_status(
 /// Outputs:
 /// - verify pw3 (check) -> Status
 /// - verify pw1 (check) -> Status
-pub fn test_verify(
+pub fn test_verify(pgp: &mut OpenPgp, _param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    _param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     // Steps:
@@ -584,11 +536,7 @@ pub fn test_verify(
     Ok(out)
 }
 
-pub fn test_change_pw(
+pub fn test_change_pw(pgp: &mut OpenPgp, _param: &[&str]) -> Result<TestOutput, TestError> {
-    card: &mut (dyn CardBackend + Send + Sync),
-    _param: &[&str],
-) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     let out = vec![];
@@ -646,10 +594,9 @@ pub fn test_change_pw(
 }
 
 pub fn test_reset_retry_counter(
-    card: &mut (dyn CardBackend + Send + Sync),
+    pgp: &mut OpenPgp,
     _param: &[&str],
 ) -> Result<TestOutput, TestError> {
-    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     let out = vec![];
@@ -711,10 +658,10 @@ pub fn test_reset_retry_counter(
 
 pub fn run_test(
     tc: &mut TestCardData,
-    t: fn(&mut (dyn CardBackend + Send + Sync), &[&str]) -> Result<TestOutput, TestError>,
+    t: fn(&mut OpenPgp, &[&str]) -> Result<TestOutput, TestError>,
     param: &[&str],
 ) -> Result<TestOutput, TestError> {
-    let mut card = tc.get_card()?;
+    let card = tc.get_card()?;
-
+    let mut pgp = OpenPgp::new(card);
-    t(&mut *card, param)
+    t(&mut pgp, param)
 }

openpgp-card-examples/src/bin/decrypt.rs

@@ -20,8 +20,8 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
     let card_ident = &args[0];
     let pin_file = &args[1];
 
-    let mut card = PcscBackend::open_by_ident(card_ident, None)?;
+    let card = PcscBackend::open_by_ident(card_ident, None)?;
-    let mut pgp = OpenPgp::new(&mut card);
+    let mut pgp = OpenPgp::new(Box::new(card));
 
     let mut open = Open::new(pgp.transaction()?)?;
 

openpgp-card-examples/src/bin/detach-sign.rs

@@ -19,8 +19,8 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
     let card_ident = &args[0];
     let pin_file = &args[1];
 
-    let mut card = PcscBackend::open_by_ident(card_ident, None)?;
+    let card = PcscBackend::open_by_ident(card_ident, None)?;
-    let mut pgp = OpenPgp::new(&mut card);
+    let mut pgp = OpenPgp::new(Box::new(card));
 
     let mut open = Open::new(pgp.transaction()?)?;
 

openpgp-card-sequoia/Cargo.toml

@@ -14,7 +14,7 @@ documentation = "https://docs.rs/crate/openpgp-card-sequoia"
 [dependencies]
 sequoia-openpgp = "1.4"
 nettle = "7"
-openpgp-card = { path = "../openpgp-card", version = "0.2.6" }
+openpgp-card = { path = "../openpgp-card", version = "0.3" }
 chrono = "0.4"
 anyhow = "1"
 thiserror = "1"

openpgp-card-sequoia/examples/test.rs

@@ -35,8 +35,8 @@ fn main() -> Result<(), Box<dyn Error>> {
     let test_card_ident = env::var("TEST_CARD_IDENT");
 
     if let Ok(test_card_ident) = test_card_ident {
-        let mut card = PcscBackend::open_by_ident(&test_card_ident, None)?;
+        let card = PcscBackend::open_by_ident(&test_card_ident, None)?;
-        let mut pgp = OpenPgp::new(&mut card);
+        let mut pgp = OpenPgp::new(Box::new(card));
 
         let mut open = Open::new(pgp.transaction()?)?;
 
@@ -140,8 +140,8 @@ fn main() -> Result<(), Box<dyn Error>> {
         // -----------------------------
         //  Open fresh Card for decrypt
         // -----------------------------
-        let mut card = PcscBackend::open_by_ident(&test_card_ident, None)?;
+        let card = PcscBackend::open_by_ident(&test_card_ident, None)?;
-        let mut pgp = OpenPgp::new(&mut card);
+        let mut pgp = OpenPgp::new(Box::new(card));
 
         let mut open = Open::new(pgp.transaction()?)?;
 
@@ -180,8 +180,8 @@ fn main() -> Result<(), Box<dyn Error>> {
         // -----------------------------
         //  Open fresh Card for signing
         // -----------------------------
-        let mut card = PcscBackend::open_by_ident(&test_card_ident, None)?;
+        let card = PcscBackend::open_by_ident(&test_card_ident, None)?;
-        let mut pgp = OpenPgp::new(&mut card);
+        let mut pgp = OpenPgp::new(Box::new(card));
 
         let mut open = Open::new(pgp.transaction()?)?;
 
@@ -212,8 +212,8 @@ fn main() -> Result<(), Box<dyn Error>> {
 
         println!("The following OpenPGP cards are connected to your system:");
 
-        for mut card in PcscBackend::cards(None)? {
+        for card in PcscBackend::cards(None)? {
-            let mut pgp = OpenPgp::new(&mut card);
+            let mut pgp = OpenPgp::new(Box::new(card));
 
             let open = Open::new(pgp.transaction()?)?;
 

openpgp-card-sequoia/src/lib.rs

@@ -17,8 +17,8 @@
 //! use openpgp_card_sequoia::card::Open;
 //!
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
-//! for mut card in PcscBackend::cards(None)? {
+//! for card in PcscBackend::cards(None)? {
-//!     let mut pgp = OpenPgp::new(&mut card);
+//!     let mut pgp = OpenPgp::new(Box::new(card));
 //!     let mut open = Open::new(pgp.transaction()?)?;
 //!     println!("Found OpenPGP card with ident '{}'",
 //!              open.application_identifier()?.ident());
@@ -35,8 +35,8 @@
 //! use openpgp_card_sequoia::card::Open;
 //!
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
-//! let mut card = PcscBackend::open_by_ident("abcd:12345678", None)?;
+//! let card = PcscBackend::open_by_ident("abcd:12345678", None)?;
-//! let mut pgp = OpenPgp::new(&mut card);
+//! let mut pgp = OpenPgp::new(Box::new(card));
 //! let mut open = Open::new(pgp.transaction()?)?;
 //! # Ok(())
 //! # }
@@ -59,8 +59,8 @@
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! // Open card via PCSC
 //! use sequoia_openpgp::policy::StandardPolicy;
-//! let mut card = PcscBackend::open_by_ident("abcd:12345678", None)?;
+//! let card = PcscBackend::open_by_ident("abcd:12345678", None)?;
-//! let mut pgp = OpenPgp::new(&mut card);
+//! let mut pgp = OpenPgp::new(Box::new(card));
 //! let mut open = Open::new(pgp.transaction()?)?;
 //!
 //! // Get authorization for user access to the card with password
@@ -97,8 +97,8 @@
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! // Open card via PCSC
 //! use sequoia_openpgp::policy::StandardPolicy;
-//! let mut card = PcscBackend::open_by_ident("abcd:12345678", None)?;
+//! let card = PcscBackend::open_by_ident("abcd:12345678", None)?;
-//! let mut pgp = OpenPgp::new(&mut card);
+//! let mut pgp = OpenPgp::new(Box::new(card));
 //! let mut open = Open::new(pgp.transaction()?)?;
 //!
 //! // Get authorization for signing access to the card with password
@@ -124,8 +124,8 @@
 //!
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! // Open card via PCSC
-//! let mut card = PcscBackend::open_by_ident("abcd:12345678", None)?;
+//! let card = PcscBackend::open_by_ident("abcd:12345678", None)?;
-//! let mut pgp = OpenPgp::new(&mut card);
+//! let mut pgp = OpenPgp::new(Box::new(card));
 //! let mut open = Open::new(pgp.transaction()?)?;
 //!
 //! // Get authorization for admin access to the card with password

openpgp-card/Cargo.toml

@@ -5,7 +5,7 @@
 name = "openpgp-card"
 description = "A client implementation for the OpenPGP card specification"
 license = "MIT OR Apache-2.0"
-version = "0.2.7"
+version = "0.3.1"
 authors = ["Heiko Schaefer <heiko@schaefer.name>"]
 edition = "2018"
 repository = "https://gitlab.com/openpgp-card/openpgp-card"

openpgp-card/src/openpgp.rs

@@ -23,13 +23,18 @@ use crate::{
 ///
 /// Users of this crate can keep a long lived OpenPgp object. All operations must be performed on
 /// a short lived `OpenPgpTransaction`.
-pub struct OpenPgp<'a> {
+pub struct OpenPgp {
-    card: &'a mut (dyn CardBackend + Send + Sync),
+    card: Box<dyn CardBackend + Send + Sync>,
 }
 
-impl<'a> OpenPgp<'a> {
+impl OpenPgp {
-    pub fn new(card: &'a mut (dyn CardBackend + Send + Sync)) -> Self {
+    pub fn new<B>(backend: B) -> Self
-        Self { card }
+    where
+        B: Into<Box<dyn CardBackend + Send + Sync>>,
+    {
+        Self {
+            card: backend.into(),
+        }
     }
 
     /// Get an OpenPgpTransaction object. This starts a transaction on the underlying

pcsc/Cargo.toml

@@ -6,13 +6,13 @@ name = "openpgp-card-pcsc"
 description = "PCSC OpenPGP card backend, for use with the openpgp-card crate"
 authors = ["Heiko Schaefer <heiko@schaefer.name>"]
 license = "MIT OR Apache-2.0"
-version = "0.2.1"
+version = "0.2.2"
 edition = "2018"
 repository = "https://gitlab.com/openpgp-card/openpgp-card"
 documentation = "https://docs.rs/crate/openpgp-card-pcsc"
 
 [dependencies]
-openpgp-card = { path = "../openpgp-card", version = "0.2" }
+openpgp-card = { path = "../openpgp-card", version = "0.3" }
 iso7816-tlv = "0.4"
 pcsc = "2.7"
 log = "0.4"

pcsc/src/lib.rs

@@ -36,6 +36,13 @@ pub struct PcscBackend {
     reader_caps: HashMap<u8, Tlv>,
 }
 
+/// Boxing helper (for easier consumption of PcscBackend in openpgp_card and openpgp_card_sequoia)
+impl From<PcscBackend> for Box<dyn CardBackend + Sync + Send> {
+    fn from(backend: PcscBackend) -> Box<dyn CardBackend + Sync + Send> {
+        Box::new(backend)
+    }
+}
+
 /// An implementation of the CardTransaction trait that uses the PCSC lite
 /// middleware to access the OpenPGP card application on smart cards, via a
 /// PCSC "transaction".

scdc/Cargo.toml

@@ -6,13 +6,13 @@ name = "openpgp-card-scdc"
 description = "Experimental SCDaemon Client, for use with the openpgp-card crate"
 authors = ["Heiko Schaefer <heiko@schaefer.name>"]
 license = "MIT OR Apache-2.0"
-version = "0.2.1"
+version = "0.2.2"
 edition = "2018"
 repository = "https://gitlab.com/openpgp-card/openpgp-card"
 documentation = "https://docs.rs/crate/openpgp-card-scdc"
 
 [dependencies]
-openpgp-card = { path = "../openpgp-card", version = "0.2" }
+openpgp-card = { path = "../openpgp-card", version = "0.3" }
 sequoia-ipc = "0.27"
 hex = "0.4"
 futures = "0.3"

tools/Cargo.toml

@@ -13,7 +13,7 @@ documentation = "https://docs.rs/crate/openpgp-card-tools"
 
 [dependencies]
 sequoia-openpgp = "1.3"
-openpgp-card = { path = "../openpgp-card", version = "0.2.6" }
+openpgp-card = { path = "../openpgp-card", version = "0.3" }
 openpgp-card-pcsc = { path = "../pcsc", version = "0.2" }
 openpgp-card-sequoia = { path = "../openpgp-card-sequoia", version = "0.0.18" }
 sshkeys = "0.3.2"

tools/src/bin/opgpcard/main.rs

@@ -89,9 +89,9 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         }
         cli::Command::Attestation { cmd } => match cmd {
             cli::AttCommand::Cert { ident } => {
-                let mut card = pick_card_for_reading(ident)?;
+                let card = pick_card_for_reading(ident)?;
 
-                let mut pgp = OpenPgp::new(&mut *card);
+                let mut pgp = OpenPgp::new(card);
                 let mut open = Open::new(pgp.transaction()?)?;
 
                 if let Ok(ac) = open.attestation_certificate() {
@@ -104,8 +104,8 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
                 key,
                 user_pin,
             } => {
-                let mut card = util::open_card(&ident)?;
+                let card = util::open_card(&ident)?;
-                let mut pgp = OpenPgp::new(&mut card);
+                let mut pgp = OpenPgp::new(Box::new(card));
 
                 let mut open = Open::new(pgp.transaction()?)?;
                 let user_pin = util::get_pin(&mut open, user_pin, ENTER_USER_PIN);
@@ -125,9 +125,9 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
                 })?;
             }
             cli::AttCommand::Statement { ident, key } => {
-                let mut card = pick_card_for_reading(ident)?;
+                let card = pick_card_for_reading(ident)?;
 
-                let mut pgp = OpenPgp::new(&mut *card);
+                let mut pgp = OpenPgp::new(card);
                 let mut open = Open::new(pgp.transaction()?)?;
 
                 // Get cardholder certificate from card.
@@ -174,8 +174,8 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
             admin_pin,
             cmd,
         } => {
-            let mut card = util::open_card(&ident)?;
+            let card = util::open_card(&ident)?;
-            let mut pgp = OpenPgp::new(&mut card);
+            let mut pgp = OpenPgp::new(Box::new(card));
 
             let mut open = Open::new(pgp.transaction()?)?;
             let admin_pin = util::get_pin(&mut open, admin_pin, ENTER_ADMIN_PIN);
@@ -347,8 +347,8 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
             }
         }
         cli::Command::Pin { ident, cmd } => {
-            let mut card = util::open_card(&ident)?;
+            let card = util::open_card(&ident)?;
-            let mut pgp = OpenPgp::new(&mut card);
+            let mut pgp = OpenPgp::new(Box::new(card));
             let pgpt = pgp.transaction()?;
 
             let pinpad_modify = pgpt.feature_pinpad_modify();
@@ -561,8 +561,8 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 fn list_cards() -> Result<()> {
     let cards = util::cards()?;
     if !cards.is_empty() {
-        for mut card in cards {
+        for card in cards {
-            let mut pgp = OpenPgp::new(&mut card);
+            let mut pgp = OpenPgp::new(Box::new(card));
             let open = Open::new(pgp.transaction()?)?;
             println!(" {}", open.application_identifier()?.ident());
         }
@@ -573,8 +573,8 @@ fn list_cards() -> Result<()> {
 }
 
 fn set_identity(ident: &str, id: u8) -> Result<(), Box<dyn std::error::Error>> {
-    let mut card = util::open_card(ident)?;
+    let card = util::open_card(ident)?;
-    let mut pgp = OpenPgp::new(&mut card);
+    let mut pgp = OpenPgp::new(Box::new(card));
 
     let mut pgpt = pgp.transaction()?;
     pgpt.set_identity(id)?;
@@ -607,9 +607,9 @@ fn pick_card_for_reading(ident: Option<String>) -> Result<Box<dyn CardBackend +
 }
 
 fn print_status(ident: Option<String>, verbose: bool, pkm: bool) -> Result<()> {
-    let mut card = pick_card_for_reading(ident)?;
+    let card = pick_card_for_reading(ident)?;
 
-    let mut pgp = OpenPgp::new(&mut *card);
+    let mut pgp = OpenPgp::new(card);
     let mut pgpt = pgp.transaction()?;
 
     let ard = pgpt.application_related_data()?;
@@ -828,9 +828,9 @@ fn print_status(ident: Option<String>, verbose: bool, pkm: bool) -> Result<()> {
 
 /// print metadata information about a card
 fn print_info(ident: Option<String>) -> Result<()> {
-    let mut card = pick_card_for_reading(ident)?;
+    let card = pick_card_for_reading(ident)?;
 
-    let mut pgp = OpenPgp::new(&mut *card);
+    let mut pgp = OpenPgp::new(card);
     let mut open = Open::new(pgp.transaction()?)?;
 
     let ai = open.application_identifier()?;
@@ -880,9 +880,9 @@ fn print_info(ident: Option<String>) -> Result<()> {
 }
 
 fn print_ssh(ident: Option<String>) -> Result<()> {
-    let mut card = pick_card_for_reading(ident)?;
+    let card = pick_card_for_reading(ident)?;
 
-    let mut pgp = OpenPgp::new(&mut *card);
+    let mut pgp = OpenPgp::new(card);
     let mut open = Open::new(pgp.transaction()?)?;
 
     let ident = open.application_identifier()?.ident();
@@ -913,9 +913,9 @@ fn print_pubkey(
     user_pin: Option<PathBuf>,
     user_ids: Vec<String>,
 ) -> Result<()> {
-    let mut card = pick_card_for_reading(ident)?;
+    let card = pick_card_for_reading(ident)?;
 
-    let mut pgp = OpenPgp::new(&mut *card);
+    let mut pgp = OpenPgp::new(card);
     let mut open = Open::new(pgp.transaction()?)?;
 
     let ident = open.application_identifier()?.ident();
@@ -985,8 +985,8 @@ fn decrypt(
 
     let input = util::open_or_stdin(input)?;
 
-    let mut card = util::open_card(ident)?;
+    let card = util::open_card(ident)?;
-    let mut pgp = OpenPgp::new(&mut card);
+    let mut pgp = OpenPgp::new(Box::new(card));
 
     let mut open = Open::new(pgp.transaction()?)?;
 
@@ -1010,8 +1010,8 @@ fn sign_detached(
 ) -> Result<(), Box<dyn std::error::Error>> {
     let mut input = util::open_or_stdin(input)?;
 
-    let mut card = util::open_card(ident)?;
+    let card = util::open_card(ident)?;
-    let mut pgp = OpenPgp::new(&mut card);
+    let mut pgp = OpenPgp::new(Box::new(card));
 
     let mut open = Open::new(pgp.transaction()?)?;
 
@@ -1031,8 +1031,8 @@ fn sign_detached(
 
 fn factory_reset(ident: &str) -> Result<()> {
     println!("Resetting Card {}", ident);
-    let mut card = util::open_card(ident)?;
+    let card = util::open_card(ident)?;
-    let mut pgp = OpenPgp::new(&mut card);
+    let mut pgp = OpenPgp::new(Box::new(card));
 
     let mut open = Open::new(pgp.transaction()?)?;
     open.factory_reset().map_err(|e| anyhow!(e))