keyfork wizard generate-shard-secret: add ability to set new PINs

This commit is contained in:
Ryan Heywood 2024-01-08 14:22:33 -05:00
parent 49f7374f2f
commit 9375bc3933
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
2 changed files with 15 additions and 2 deletions

View File

@ -46,6 +46,8 @@ fn derive_key(seed: &[u8], index: u8) -> Result<Cert> {
/// Factory reset the current card so long as it does not match the last-used backend. /// Factory reset the current card so long as it does not match the last-used backend.
fn factory_reset_current_card( fn factory_reset_current_card(
seen_cards: &mut HashSet<String>, seen_cards: &mut HashSet<String>,
user_pin: &str,
admin_pin: &str,
cert: &Cert, cert: &Cert,
) -> Result<()> { ) -> Result<()> {
let policy = openpgp::policy::NullPolicy::new(); let policy = openpgp::policy::NullPolicy::new();
@ -83,6 +85,8 @@ fn factory_reset_current_card(
admin.upload_key(signing_key, KeyType::Signing, None)?; admin.upload_key(signing_key, KeyType::Signing, None)?;
admin.upload_key(decryption_key, KeyType::Decryption, None)?; admin.upload_key(decryption_key, KeyType::Decryption, None)?;
admin.upload_key(authentication_key, KeyType::Authentication, None)?; admin.upload_key(authentication_key, KeyType::Authentication, None)?;
transaction.change_user_pin("123456", user_pin)?;
transaction.change_admin_pin("12345678", admin_pin)?;
} else { } else {
panic!("No smart card found"); panic!("No smart card found");
} }
@ -104,7 +108,16 @@ fn generate_shard_secret(threshold: u8, max: u8, keys_per_shard: u8) -> Result<(
i + 1, i + 1,
index + 1, index + 1,
)))?; )))?;
factory_reset_current_card(&mut seen_cards, &cert)?; // TODO: add a second prompt for verification, perhaps as an argument to
// prompt_passphrase
let user_pin = pm.prompt_passphrase("Please enter the new smartcard User PIN: ")?;
let admin_pin = pm.prompt_passphrase("Please enter the new smartcard Admin PIN: ")?;
factory_reset_current_card(
&mut seen_cards,
user_pin.trim(),
admin_pin.trim(),
&cert,
)?;
} }
certs.push(cert); certs.push(cert);
} }

View File

@ -10,7 +10,7 @@ fn main() -> ExitCode {
let opts = cli::Keyfork::parse(); let opts = cli::Keyfork::parse();
if let Err(e) = opts.command .handle(&opts) { if let Err(e) = opts.command .handle(&opts) {
println!("Unable to run command: {e}"); eprintln!("Unable to run command: {e}");
let mut source = e.source(); let mut source = e.source();
while let Some(new_error) = source.take() { while let Some(new_error) = source.take() {
eprintln!("Source: {new_error}"); eprintln!("Source: {new_error}");