keyfork wizard generate-shard-secret: add ability to set new PINs

keyforkd-client: fixup error message
2024-01-08 14:22:33 -05:00 · 2024-01-08 14:06:03 -05:00
3 changed files with 16 additions and 3 deletions
--- a/keyfork/src/cli/wizard.rs
+++ b/keyfork/src/cli/wizard.rs
@ -46,6 +46,8 @@ fn derive_key(seed: &[u8], index: u8) -> Result<Cert> {
 /// Factory reset the current card so long as it does not match the last-used backend.
 fn factory_reset_current_card(
    seen_cards: &mut HashSet<String>,
+    user_pin: &str,
+    admin_pin: &str,
    cert: &Cert,
 ) -> Result<()> {
    let policy = openpgp::policy::NullPolicy::new();
@ -83,6 +85,8 @@ fn factory_reset_current_card(
        admin.upload_key(signing_key, KeyType::Signing, None)?;
        admin.upload_key(decryption_key, KeyType::Decryption, None)?;
        admin.upload_key(authentication_key, KeyType::Authentication, None)?;
+        transaction.change_user_pin("123456", user_pin)?;
+        transaction.change_admin_pin("12345678", admin_pin)?;
    } else {
        panic!("No smart card found");
    }
@ -104,7 +108,16 @@ fn generate_shard_secret(threshold: u8, max: u8, keys_per_shard: u8) -> Result<(
                i + 1,
                index + 1,
            )))?;
-            factory_reset_current_card(&mut seen_cards, &cert)?;
+            // TODO: add a second prompt for verification, perhaps as an argument to
+            // prompt_passphrase
+            let user_pin = pm.prompt_passphrase("Please enter the new smartcard User PIN: ")?;
+            let admin_pin = pm.prompt_passphrase("Please enter the new smartcard Admin PIN: ")?;
+            factory_reset_current_card(
+                &mut seen_cards,
+                user_pin.trim(),
+                admin_pin.trim(),
+                &cert,
+            )?;
        }
        certs.push(cert);
    }
--- a/keyfork/src/main.rs
+++ b/keyfork/src/main.rs
@ -10,7 +10,7 @@ fn main() -> ExitCode {
    let opts = cli::Keyfork::parse();

    if let Err(e) = opts.command .handle(&opts) {
-        println!("Unable to run command: {e}");
+        eprintln!("Unable to run command: {e}");
        let mut source = e.source();
        while let Some(new_error) = source.take() {
            eprintln!("Source: {new_error}");
--- a/keyforkd-client/src/lib.rs
+++ b/keyforkd-client/src/lib.rs
@ -11,7 +11,7 @@ pub enum Error {
    #[error("Neither KEYFORK_SOCKET_PATH nor XDG_RUNTIME_DIR were set")]
    EnvVarsNotFound,

-    #[error("Socket was unable to connect to {1}: {0}")]
+    #[error("Socket was unable to connect to {1}: {0} (make sure keyforkd is running)")]
    Connect(std::io::Error, PathBuf),

    #[error("Could not write to or from the socket: {0}")]
Author	SHA1	Message	Date
Ryan Heywood	9375bc3933	keyfork wizard generate-shard-secret: add ability to set new PINs	2024-01-08 14:22:33 -05:00
Ryan Heywood	49f7374f2f	keyforkd-client: fixup error message	2024-01-08 14:06:03 -05:00