hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: piv decrypt

Browse Source
This commit is contained in:
Hatter Jiang
2024-06-10 19:51:22 +08:00
parent 9caee95711
commit 320664bfa0
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/cmd_pivdecrypt.rs
View File

@@ -3,9 +3,11 @@ use std::collections::BTreeMap;
use clap::{App, Arg, ArgMatches, SubCommand};
use rust_util::util_clap::{Command, CommandError};
use rust_util::util_msg;
use yubikey::piv::{AlgorithmId, SlotId};
use yubikey::piv::AlgorithmId;
use yubikey::YubiKey;
use crate::pivutil;
pub struct CommandImpl;
impl Command for CommandImpl {
@@ -13,8 +15,9 @@ impl Command for CommandImpl {
fn subcommand<'a>(&self) -> App<'a, 'a> {
SubCommand::with_name(self.name()).about("PIV Decrypt(RSA) subcommand")
.arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"))
.arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).default_value("123456").help("OpenPGP card user pin"))
.arg(Arg::with_name("encrypted-data").long("encrypted-data").takes_value(true).help("Encrypted data"))
.arg(Arg::with_name("encrypted-data").long("encrypted-data").takes_value(true).help("Encrypted data (HEX)"))
.arg(Arg::with_name("json").long("json").help("JSON output"))
}
@@ -22,6 +25,8 @@ impl Command for CommandImpl {
let json_output = sub_arg_matches.is_present("json");
if json_output { util_msg::set_logger_std_out(false); }
let slot = opt_value_result!(sub_arg_matches.value_of("slot"), "--slot must assigned, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e");
let pin_opt = sub_arg_matches.value_of("pin");
let pin = opt_value_result!(pin_opt, "User pin must be assigned");
@@ -34,8 +39,10 @@ impl Command for CommandImpl {
let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}");
let sign_result = yubikey::piv::sign_data(&mut yk, &encrypted_data, AlgorithmId::Rsa2048, SlotId::KeyManagement);
let decrypted_data = opt_result!(sign_result, "Decrypt data failed: {}");
let slot_id = pivutil::get_slot_id(slot)?;
let decrypt_result = yubikey::piv::decrypt_data(&mut yk, &encrypted_data, AlgorithmId::Rsa2048, slot_id);
// let sign_result = yubikey::piv::sign_data(&mut yk, &encrypted_data, AlgorithmId::Rsa2048, SlotId::KeyManagement);
let decrypted_data = opt_result!(decrypt_result, "Decrypt data failed: {}");
let decrypted_data_bytes = decrypted_data.as_slice();
information!("Decrypted raw data: {}", hex::encode(decrypted_data_bytes));