diff --git a/keyfork/src/cli/wizard.rs b/keyfork/src/cli/wizard.rs
index 2ee296e..d95997a 100644
--- a/keyfork/src/cli/wizard.rs
+++ b/keyfork/src/cli/wizard.rs
@@ -46,6 +46,8 @@ fn derive_key(seed: &[u8], index: u8) -> Result {
 /// Factory reset the current card so long as it does not match the last-used backend.
 fn factory_reset_current_card(
 seen_cards: &mut HashSet,
+ user_pin: &str,
+ admin_pin: &str,
 cert: &Cert,
 ) -> Result<()> {
 let policy = openpgp::policy::NullPolicy::new();
@@ -83,6 +85,8 @@ fn factory_reset_current_card(
 admin.upload_key(signing_key, KeyType::Signing, None)?;
 admin.upload_key(decryption_key, KeyType::Decryption, None)?;
 admin.upload_key(authentication_key, KeyType::Authentication, None)?;
+ transaction.change_user_pin("123456", user_pin)?;
+ transaction.change_admin_pin("12345678", admin_pin)?;
 } else {
 panic!("No smart card found");
 }
@@ -104,7 +108,16 @@ fn generate_shard_secret(threshold: u8, max: u8, keys_per_shard: u8) -> Result<(
 i + 1,
 index + 1,
 )))?;
- factory_reset_current_card(&mut seen_cards, &cert)?;
+ // TODO: add a second prompt for verification, perhaps as an argument to
+ // prompt_passphrase
+ let user_pin = pm.prompt_passphrase("Please enter the new smartcard User PIN: ")?;
+ let admin_pin = pm.prompt_passphrase("Please enter the new smartcard Admin PIN: ")?;
+ factory_reset_current_card(
+ &mut seen_cards,
+ user_pin.trim(),
+ admin_pin.trim(),
+ &cert,
+ )?;
 }
 certs.push(cert);
 }
diff --git a/keyfork/src/main.rs b/keyfork/src/main.rs
index 2d18b54..bf4391b 100644
--- a/keyfork/src/main.rs
+++ b/keyfork/src/main.rs
@@ -10,7 +10,7 @@ fn main() -> ExitCode {
 let opts = cli::Keyfork::parse();
 if let Err(e) = opts.command .handle(&opts) {
- println!("Unable to run command: {e}");
+ eprintln!("Unable to run command: {e}");
 let mut source = e.source();
 while let Some(new_error) = source.take() {
 eprintln!("Source: {new_error}");
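Review bot: The doc comment on `factory_reset_current_card` (first wizard.rs hunk) still describes only the factory reset, although the function now takes `user_pin` and `admin_pin` and, per the second hunk, uses them to replace the card's default PINs after the keys are uploaded. I would extend it, for example `/// Factory reset the current card, upload the derived keys, and replace the default User and Admin PINs with the given values.`, and add a line stating that callers are expected to pass PINs that have already been validated. The function body continues outside this hunk.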
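Review bot: In the second wizard.rs hunk the two PIN changes run only after all three `upload_key` calls, so if `change_user_pin` or `change_admin_pin` returns an error, `?` exits with key material already on a card that still accepts one or both factory-default PINs. Whether a caller cleans up or re-resets the card in that case is not visible here, so this is worth either handling explicitly or documenting as a known failure state. Separately, the default PINs appear as bare literals; naming them would make the intent clear and keep them in one place, e.g. `const DEFAULT_USER_PIN: &str = "123456";` and `const DEFAULT_ADMIN_PIN: &str = "12345678";`. The enclosing block starts outside the hunk.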
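Review bot: The new prompts in `generate_shard_secret` (third wizard.rs hunk) feed the typed values straight into a destructive card reset: nothing checks for an empty or too-short PIN, and `.trim()` silently drops leading and trailing whitespace, so the PIN stored on the card can differ from what the operator believes they entered. OpenPGP cards enforce minimum lengths (6 for the User PIN, 8 for the Admin PIN), so a short entry would only be rejected after the reset and key upload have already happened. I would validate each PIN before calling `factory_reset_current_card`; a sketch for the User PIN follows, and the Admin PIN would take the same shape with a minimum of 8. How a rejected entry is reported to the operator depends on the prompt API, which is outside this hunk.

```rust
// … unchanged: per-card prompt message …
let user_pin = loop {
    let pin = pm.prompt_passphrase("Please enter the new smartcard User PIN: ")?;
    // Reject entries the card would refuse, before anything destructive runs.
    if pin.trim().len() >= 6 {
        break pin;
    }
};
// … same shape for admin_pin (minimum 8), then the factory_reset_current_card call …
```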