keyfork wizard generate-shard-secret: add ability to set new PINs
parent
49f7374f2f
commit
9375bc3933
|
@ -46,6 +46,8 @@ fn derive_key(seed: &[u8], index: u8) -> Result<Cert> {
|
||||||
/// Factory reset the current card so long as it does not match the last-used backend.
|
/// Factory reset the current card so long as it does not match the last-used backend.
|
||||||
fn factory_reset_current_card(
|
fn factory_reset_current_card(
|
||||||
seen_cards: &mut HashSet<String>,
|
seen_cards: &mut HashSet<String>,
|
||||||
|
user_pin: &str,
|
||||||
|
admin_pin: &str,
|
||||||
cert: &Cert,
|
cert: &Cert,
|
||||||
) -> Result<()> {
|
) -> Result<()> {
|
||||||
let policy = openpgp::policy::NullPolicy::new();
|
let policy = openpgp::policy::NullPolicy::new();
|
||||||
|
@ -83,6 +85,8 @@ fn factory_reset_current_card(
|
||||||
admin.upload_key(signing_key, KeyType::Signing, None)?;
|
admin.upload_key(signing_key, KeyType::Signing, None)?;
|
||||||
admin.upload_key(decryption_key, KeyType::Decryption, None)?;
|
admin.upload_key(decryption_key, KeyType::Decryption, None)?;
|
||||||
admin.upload_key(authentication_key, KeyType::Authentication, None)?;
|
admin.upload_key(authentication_key, KeyType::Authentication, None)?;
|
||||||
|
transaction.change_user_pin("123456", user_pin)?;
|
||||||
|
transaction.change_admin_pin("12345678", admin_pin)?;
|
||||||
} else {
|
} else {
|
||||||
panic!("No smart card found");
|
panic!("No smart card found");
|
||||||
}
|
}
|
||||||
|
@ -104,7 +108,16 @@ fn generate_shard_secret(threshold: u8, max: u8, keys_per_shard: u8) -> Result<(
|
||||||
i + 1,
|
i + 1,
|
||||||
index + 1,
|
index + 1,
|
||||||
)))?;
|
)))?;
|
||||||
factory_reset_current_card(&mut seen_cards, &cert)?;
|
// TODO: add a second prompt for verification, perhaps as an argument to
|
||||||
|
// prompt_passphrase
|
||||||
|
let user_pin = pm.prompt_passphrase("Please enter the new smartcard User PIN: ")?;
|
||||||
|
let admin_pin = pm.prompt_passphrase("Please enter the new smartcard Admin PIN: ")?;
|
||||||
|
factory_reset_current_card(
|
||||||
|
&mut seen_cards,
|
||||||
|
user_pin.trim(),
|
||||||
|
admin_pin.trim(),
|
||||||
|
&cert,
|
||||||
|
)?;
|
||||||
}
|
}
|
||||||
certs.push(cert);
|
certs.push(cert);
|
||||||
}
|
}
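Review bot: In `factory_reset_current_card` the two PIN changes run after the three `upload_key` calls, so if `change_user_pin` or `change_admin_pin` returns an error (for example a PIN shorter than the OpenPGP card minimums of 6 and 8 characters), `?` exits with the keys already on a card that still has the default `123456` / `12345678` PINs. Validate the lengths of `user_pin.trim()` and `admin_pin.trim()` in `generate_shard_secret` before calling the function, and re-prompt instead of proceeding. Each PIN is also read from a single prompt, and `.trim()` silently changes what was typed, so the confirmation prompt named in the TODO should compare the trimmed values and the prompt text should say that surrounding whitespace is dropped. The function body between the first two hunks is not visible, so the point at which the card is actually reset is inferred from the function name.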
|
||||||
|
|
|
@ -10,7 +10,7 @@ fn main() -> ExitCode {
|
||||||
let opts = cli::Keyfork::parse();
|
let opts = cli::Keyfork::parse();
|
||||||
|
|
||||||
if let Err(e) = opts.command .handle(&opts) {
|
if let Err(e) = opts.command .handle(&opts) {
|
||||||
println!("Unable to run command: {e}");
|
eprintln!("Unable to run command: {e}");
|
||||||
let mut source = e.source();
|
let mut source = e.source();
|
||||||
while let Some(new_error) = source.take() {
|
while let Some(new_error) = source.take() {
|
||||||
eprintln!("Source: {new_error}");
|
eprintln!("Source: {new_error}");
|
||||||
|
|