turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
808 commits 1 branch 0 tags 1.7 MiB
Commit graph

235 commits

Author SHA1 Message Date
Heiko Schaefer
9fe1ca31c0
Bump version 2022-09-18 15:30:50 +02:00
Heiko Schaefer
b32cf67196
Don't implicitly add a User ID for the cardholder name, in make_cert() 2022-09-18 15:30:35 +02:00
Heiko Schaefer
2ece9734fd
opgpcard: filter out empty User IDs in make_cert() 2022-09-08 19:25:55 +02:00
Heiko Schaefer
4557c40bda
opgpcard: DRY make_cert(). 2022-09-08 19:25:35 +02:00
Heiko Schaefer
1b483b5c09
opgpcard: Add direct key signature in make_cert(). 
Without this, pubkey output contains no signatures at all, if no User ID is set.
 2022-09-08 19:25:30 +02:00
Heiko Schaefer
d167883835
opgpcard: Remove obsolete FIXME 2022-09-08 19:25:24 +02:00
Heiko Schaefer
fa524a4942
Bump version 2022-09-04 20:33:42 +02:00
Heiko Schaefer
96e28b1b4f
opgpcard: Add optional user-id parameter for "pubkey" and "admin generate", to bind User IDs to the certificate. 2022-09-04 20:30:33 +02:00
Heiko Schaefer
11ccc9b5e3
cleanup import 2022-08-05 01:29:43 +02:00
Heiko Schaefer
d4f7b8d1b0
Update copyright headers 2022-07-26 09:42:03 +02:00
Heiko Schaefer
8427eadfad
Bump versions 2022-07-25 18:13:36 +02:00
Heiko Schaefer
6e630254fa
Don't use Cert to build signer and decryptor. 
Rename decryptor/signer/authenticator getters.
Add alternatives that don't require PublicKey parameter.
 2022-07-25 18:12:03 +02:00
Heiko Schaefer
f9ed6c30c0
Clippy: don't bind unit values. 2022-07-16 14:24:49 +02:00
Heiko Schaefer
f93d7bbb30
Bump versions 2022-06-22 21:58:51 +02:00
Heiko Schaefer
7bfeb4df59
Always allow getting Sign/User 2022-06-22 21:50:57 +02:00
Heiko Schaefer
43a9abdabd
Implement signing for auth slot 2022-06-22 21:50:07 +02:00
Heiko Schaefer
17fc6ebeff
Handle empty signing key slot in key_slot() 2022-06-19 14:53:15 +02:00
Heiko Schaefer
6d52835efa
Adjust paths for move to gitlab group 'openpgp-card'. 2022-06-11 21:46:32 +02:00
Heiko Schaefer
febf960b39
Bump versions 2022-06-11 10:03:52 +02:00
Heiko Schaefer
e3dfdbffe6
Implement key_slot() to get a PublicKey representation for one of the card's key slots. 2022-06-11 10:01:00 +02:00
Heiko Schaefer
441feb0a34
Implement reload_ard(). 2022-06-11 09:59:20 +02:00
Heiko Schaefer
d96e56651b
Add callback Fn for touch confirmation prompt to generate attestations. 2022-06-11 09:55:06 +02:00
Heiko Schaefer
374f9eec89
Add callback Fn for touch confirmation prompt for decryption operations. 2022-06-11 09:55:06 +02:00
Heiko Schaefer
079cc32427
Add callback Fn for touch confirmation prompt for signing operations. 2022-06-11 09:55:05 +02:00
Heiko Schaefer
ccba7c7e9f
Rename 'prompt' parameters to 'pinpad_prompt'. 2022-06-11 09:55:04 +02:00
Heiko Schaefer
bc58a346c2
Implement set_uif() 2022-06-11 09:55:03 +02:00
Heiko Schaefer
b90ee05f6d
Implement set_pso_enc_dec_key() 2022-05-28 19:41:54 +02:00
Heiko Schaefer
cd40e2bae4
Bump versions: 
- openpgp-card 0.2.5
- openpgp-card-sequoia 0.0.12
- openpgp-tools 0.0.10
 2022-05-24 16:20:59 +02:00
Heiko Schaefer
7b3152a88e
Add a note that the openpgp-card-sequoia API is an early draft (and subject to change). 2022-05-24 16:20:58 +02:00
Heiko Schaefer
432edd5a3e
Add workaround for select_data() on older Yubikey5 firmware versions. 
(This breaks API compatibility, but select_data() was so far not used in any published crate)
 2022-05-24 14:45:25 +02:00
Heiko Schaefer
0885cb0ac9
Add cardholder_certificate() 2022-05-24 14:45:25 +02:00
Heiko Schaefer
14143ee182
Implement next_cardholder_certificate() to read successive cardholder certificates from the card. 2022-05-24 14:45:24 +02:00
Heiko Schaefer
abd61d5a15
Implement generate_attestation() 2022-05-24 14:45:24 +02:00
Heiko Schaefer
6fad597637
Implement attestation_certificate() 2022-05-24 14:45:24 +02:00
Heiko Schaefer
f4e344b959
Bump openpgp-card-sequoia to 0.0.11; openpgp-card-tools to 0.0.8 2022-04-21 18:24:14 +02:00
Heiko Schaefer
fbdb9e87b2
Adjust openpgp-card-sequoia API to take resetting code as &[u8] instead of &str. 2022-04-21 13:28:21 +02:00
Heiko Schaefer
e6c40be8ad
Adjusted/improved handling of public keys (especially to find the correct KDF parameters for ECC decryption keys): 
- "Brute force" find the right KDF parameters in the new helper fn public_key_material_and_fp_to_key() [try possible parameters until a matching fingerprint is found, error if none].
- In `opgpcard pubkey`, use public_key_material_and_fp_to_key() to find the right parameters for the ECC decryption subkey (this subcommand now fails when the fingerprint on the card doesn't match the fingerprint of the public key data for that key slot)
- When generating OpenPGP ECC decryption keys from public key material (including to compute fingerprints from the key material), use SHA256/AES128 as default parameters.
 2022-04-15 16:17:04 +02:00
Heiko Schaefer
cf7dd20789
Don't dev-depend on scdc, for now. 2022-04-12 14:51:39 +02:00
Heiko Schaefer
aae546326f
Clean up dependencies; move openpgp-card-sequoia test-code into examples/. 2022-04-12 11:41:33 +02:00
Heiko Schaefer
6525c2ddbc
openpgp-card-sequoia release 0.0.9, use as a dependency in openpgp-card-tools 0.0.5 2022-03-30 03:15:07 +02:00
Heiko Schaefer
418bfc83f0
Make name optional in make_cert() 2022-03-30 02:10:07 +02:00
Heiko Schaefer
283f58d7d8
Cleanup import 2022-03-30 02:04:23 +02:00
Heiko Schaefer
f069fb1e20
Model PINs as &[u8] in openpgp-card-sequoia 2022-03-29 22:40:26 +02:00
Heiko Schaefer
63b47cffdc
Update/remove dependency on env_logger 2022-03-22 11:27:48 +01:00
Heiko Schaefer
0b4a18b136
Fix clippy lints 2022-03-06 16:15:13 +01:00
Heiko Schaefer
a8637f48b1
Bump versions 2022-02-24 21:25:47 +01:00
Heiko Schaefer
e9235164c8
Rename PIN-related functions for clarity 2022-02-24 21:25:47 +01:00
Heiko Schaefer
8ab3a43d6e
Use Error::InternalError less, introduce additional specific error variants. 2022-02-24 21:25:47 +01:00
Heiko Schaefer
088bb88a02
Consistently model pin as &[u8] in openpgp-card. 
Fixes #22
 2022-02-24 21:25:47 +01:00
Heiko Schaefer
96167f6530
Move OpenPGP card functionality into OpenPgp/OpenPgpTransaction. 
This separates backend access (implemented in CardBackend and CardTransaction) from OpenPGP card operations.

Fixes #7
 2022-02-24 21:25:47 +01:00
Heiko Schaefer
12a6a77b8d
CardTransaction::method should not return a Response. Most don't have a return value, the rest should return Vec<u8> instead. 
Fixes #19
 2022-02-24 21:25:47 +01:00
Heiko Schaefer
636813279b
Reformatted to conform to vanilla rustfmt. 2022-02-24 21:25:47 +01:00
Heiko Schaefer
1496da6dd5
Rename pcsc::PcscCard -> pcsc::PcscBackend, pcsc::TxClient -> pcsc::PcscTransaction 2022-02-18 15:58:12 +01:00
Heiko Schaefer
e01c79e857
Tweak ergonomics of openpgp-card-pcsc usage and simplify client code. 2022-02-18 15:06:31 +01:00
Heiko Schaefer
c23f23c619
Introduce the new CardBackend trait. 
A CardBackend represents a card without an open transaction (a CardTransaction implementation can be acquired from a CardBackend).
 2022-02-18 15:06:31 +01:00
Heiko Schaefer
5133051626
Rename CardClient -> CardTransaction. 2022-02-18 15:06:31 +01:00
Heiko Schaefer
dcf73bd86d
More explicit data type Lang for language. 2022-02-16 10:02:35 +01:00
Heiko Schaefer
574d7be765
Use byte-array data types for url, name, lang in openpgp-card. 2022-02-15 15:34:52 +01:00
Heiko Schaefer
0e94871189
Implement PcscCard::transaction() to replace the transaction!() macro. 
(This currently requires unreleased pcsc from git)
 2022-02-15 15:34:52 +01:00
Heiko Schaefer
87788e8912
rename get_txc!() -> transaction!() 2022-02-15 10:53:46 +01:00
Heiko Schaefer
bdde317a2d
Simplify optional $reselect parameter in get_txc!() 2022-02-15 10:53:46 +01:00
Heiko Schaefer
7573361836
Make ShareMode an optional parameter when opening cards via pcsc. 2022-02-15 10:53:46 +01:00
Heiko Schaefer
36b9fb2770
get_txc!() now assumes the OpenPGP application should be re-selected, by default 2022-02-15 10:49:55 +01:00
Heiko Schaefer
376072910e
Adjust openpgp-card-sequoia to changed openpgp-card API 2022-02-15 10:49:42 +01:00
Heiko Schaefer
53c8609f05
Remove unused imports 2022-02-14 17:46:16 +01:00
Heiko Schaefer
30341d6c4b
Rename: PcscClient->PcscCard,PcscTxClient->TxClient 2022-02-14 17:46:16 +01:00
Heiko Schaefer
2480745088
Move implementation of low-level OpenPGP functionality from CardApp to CardClient. 2022-02-14 17:46:16 +01:00
Heiko Schaefer
111f9e9631
Adjust to openpgp-card 0.2 API 2022-02-14 17:46:16 +01:00
Heiko Schaefer
5e7fcd079b
Change CardApp API: take &mut CardClient parameter for all calls (instead of owning a CardClientBox). 
This way, clients can exert control over the state of the CardClient, e.g. to combine CardApp operations in a PCSC transaction.
 2022-02-14 17:43:07 +01:00
Heiko Schaefer
5e0007c7fd
Add FIXME for construction of EdDSA public keys from a card 2022-01-27 16:10:02 +01:00
Heiko Schaefer
7031158f5b
Fix doctests 2021-12-12 02:34:56 +01:00
Heiko Schaefer
bba1c264dd
release openpgp-card-sequoia 0.0.7 2021-12-12 01:36:50 +01:00
Heiko Schaefer
383f592865
Don't apply Policy when picking (sub)key from Cert for sign/decrypt. 2021-12-11 23:36:36 +01:00
Heiko Schaefer
e5788f2a2c
Bump version for release. 2021-12-02 18:55:49 +01:00
Heiko Schaefer
413e8b7d2a
Bump versions for releases. 2021-12-02 18:45:46 +01:00
Heiko Schaefer
ecd862e23f
Remove "get_" prefix from getter function names (to better conform with Rust API Guidelines https://rust-lang.github.io/api-guidelines). 2021-12-01 19:11:22 +01:00
Heiko Schaefer
2709b4ad39
Implement pinpad feature detection and pinpad support for verify/modify (of pw1 and pw3) in pcsc backend. 
Extend CardCaps to contain pw1_max_len and pw3_max_len (and initialize these values from ARD).

Add pinpad_verify(), pinpad_modify(), feature_verify()/feature_modify() to CardClient API.
Expose in card_app (and openpgp-card-sequoia card API).

Adjust opgpcard, opgpcard-pin to ue pinpad reader when available.
 2021-11-30 22:51:18 +01:00
Heiko Schaefer
9de79477b9
Implement get_firmware_version (probably YubiKey specific) 2021-11-23 20:38:46 +01:00
Heiko Schaefer
a439397c62
Clippy fixes. 2021-11-22 16:33:15 +01:00
Heiko Schaefer
7413b5c062
Don't check cert revocation status when decrypting. 2021-11-22 16:33:15 +01:00
Heiko Schaefer
af673f537c
Adjust error handling in CardSigner and CardDecryptor (for better error messages in tools, such as opgpcard). 
Refactor sq_utils, rename some fn for clarity.
 2021-11-21 15:21:43 +01:00
Heiko Schaefer
874c28b7ff
Add get_pub_key() 2021-11-16 19:18:10 +01:00
Heiko Schaefer
13c8769ea3
Case insensitive comparison of ident. 2021-11-16 17:48:14 +01:00
Heiko Schaefer
90ae9398ed
Adjust the backend API and interaction with openpgp-card some more. 2021-11-12 18:47:56 +01:00
Heiko Schaefer
7a71f88eb6
Rename Open::open() to Open::new() 2021-11-11 16:40:08 +01:00
Heiko Schaefer
d10cbe8eff
clean up lints 2021-11-11 16:40:08 +01:00
Heiko Schaefer
d55985807c
Change the API for interactions between openpgp-card and backends. 
The goal of this change is a cleaner structure, and in particular to make it the default for client-code to obtain a CardApp with pre-initialized "capabilities" (that is, init_caps() gets called implicitely).
 2021-11-11 16:40:08 +01:00
Heiko Schaefer
288a2a8325
Add comments/assert for PSO: DECIPHER 2021-11-09 16:43:59 +01:00
Heiko Schaefer
87168ea0de
Cleanup imports 2021-11-05 23:14:36 +01:00
Heiko Schaefer
1a37b437e2
Releases 2021-11-05 23:07:48 +01:00
Heiko Schaefer
79cfcb09c2 In generate_key_simple(), the algo parameter is now an Option<AlgoSimple>. 
This allows uploading keys without explicitly setting the algorithm, thus leaving the card's algo setting unchanged.
 2021-11-05 13:34:14 +01:00
Heiko Schaefer
02401d12f4 Initial parts of key generation. 2021-11-05 13:34:14 +01:00
Heiko Schaefer
8674b0e65c Refactor "Open" to use a borrowed CardApp (instead of owning the CardApp). 2021-11-05 13:34:14 +01:00
Heiko Schaefer
edc89078ce Make the PublicKey type pub. 2021-11-03 02:26:07 +01:00
Heiko Schaefer
bc08ca68ed Releases 2021-10-29 22:51:23 +02:00
Heiko Schaefer
753bd8b71b Move example keys/data to openpgp-card-sequoia 2021-10-29 22:38:01 +02:00
Heiko Schaefer
aa7528ec9a Add functionality for cli tools. 2021-10-28 00:05:41 +02:00
Heiko Schaefer
3407cd3a39 Add reset_user_pin() fn for Open and for Admin, as well as set_resetting_code() to Admin. 2021-10-26 21:57:32 +02:00
Heiko Schaefer
2c0c19502f Add change_user_pin() and change_admin_pin() 2021-10-26 14:46:57 +02:00
Heiko Schaefer
77c7a90daf sq_util::get_subkey() now returns an Option. 
Not finding any subkey is not an error.
 2021-10-23 20:01:10 +02:00