Compare commits

..

2 Commits

3 changed files with 16 additions and 3 deletions

View File

@ -46,6 +46,8 @@ fn derive_key(seed: &[u8], index: u8) -> Result<Cert> {
/// Factory reset the current card so long as it does not match the last-used backend.
fn factory_reset_current_card(
seen_cards: &mut HashSet<String>,
user_pin: &str,
admin_pin: &str,
cert: &Cert,
) -> Result<()> {
let policy = openpgp::policy::NullPolicy::new();
@ -83,6 +85,8 @@ fn factory_reset_current_card(
admin.upload_key(signing_key, KeyType::Signing, None)?;
admin.upload_key(decryption_key, KeyType::Decryption, None)?;
admin.upload_key(authentication_key, KeyType::Authentication, None)?;
transaction.change_user_pin("123456", user_pin)?;
transaction.change_admin_pin("12345678", admin_pin)?;
} else {
panic!("No smart card found");
}
@ -104,7 +108,16 @@ fn generate_shard_secret(threshold: u8, max: u8, keys_per_shard: u8) -> Result<(
i + 1,
index + 1,
)))?;
factory_reset_current_card(&mut seen_cards, &cert)?;
// TODO: add a second prompt for verification, perhaps as an argument to
// prompt_passphrase
let user_pin = pm.prompt_passphrase("Please enter the new smartcard User PIN: ")?;
let admin_pin = pm.prompt_passphrase("Please enter the new smartcard Admin PIN: ")?;
factory_reset_current_card(
&mut seen_cards,
user_pin.trim(),
admin_pin.trim(),
&cert,
)?;
}
certs.push(cert);
}

View File

@ -10,7 +10,7 @@ fn main() -> ExitCode {
let opts = cli::Keyfork::parse();
if let Err(e) = opts.command .handle(&opts) {
println!("Unable to run command: {e}");
eprintln!("Unable to run command: {e}");
let mut source = e.source();
while let Some(new_error) = source.take() {
eprintln!("Source: {new_error}");

View File

@ -11,7 +11,7 @@ pub enum Error {
#[error("Neither KEYFORK_SOCKET_PATH nor XDG_RUNTIME_DIR were set")]
EnvVarsNotFound,
#[error("Socket was unable to connect to {1}: {0}")]
#[error("Socket was unable to connect to {1}: {0} (make sure keyforkd is running)")]
Connect(std::io::Error, PathBuf),
#[error("Could not write to or from the socket: {0}")]