feat: v1.9.4

2024-06-16 00:07:50 +08:00
parent 320664bfa0
commit 32ab2d3d6d
21 changed files with 60 additions and 39 deletions


@@ -7,6 +7,7 @@ use yubikey::piv::AlgorithmId;
use yubikey::YubiKey;
use crate::pivutil;
use crate::util::try_decode;
pub struct CommandImpl;
@@ -14,10 +15,10 @@ impl Command for CommandImpl {
fn name(&self) -> &str { "piv-decrypt" }
fn subcommand<'a>(&self) -> App<'a, 'a> {
SubCommand::with_name(self.name()).about("PIV Decrypt(RSA) subcommand")
SubCommand::with_name(self.name()).about("PIV decrypt(RSA) subcommand")
.arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"))
.arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).default_value("123456").help("OpenPGP card user pin"))
.arg(Arg::with_name("encrypted-data").long("encrypted-data").takes_value(true).help("Encrypted data (HEX)"))
.arg(Arg::with_name("ciphertext").long("ciphertext").short("c").takes_value(true).help("Encrypted data (HEX or Base64)"))
.arg(Arg::with_name("json").long("json").help("JSON output"))
}
@@ -30,18 +31,18 @@ impl Command for CommandImpl {
let pin_opt = sub_arg_matches.value_of("pin");
let pin = opt_value_result!(pin_opt, "User pin must be assigned");
let encrypted_data = if let Some(encrypted_data_hex) = sub_arg_matches.value_of("encrypted-data") {
opt_result!(hex::decode(encrypted_data_hex), "Decode --encrypted-data failed: {}")
let encrypted_data = if let Some(ciphertext) = sub_arg_matches.value_of("ciphertext") {
opt_result!(try_decode(ciphertext), "Decode --ciphertext failed: {}")
} else {
return simple_error!("Argument --data or --data-hex must assign one");
return simple_error!("Argument --ciphertext must be assigned");
};
let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}");
let slot_id = pivutil::get_slot_id(slot)?;
let decrypt_result = yubikey::piv::decrypt_data(&mut yk, &encrypted_data, AlgorithmId::Rsa2048, slot_id);
// let sign_result = yubikey::piv::sign_data(&mut yk, &encrypted_data, AlgorithmId::Rsa2048, SlotId::KeyManagement);
let decrypt_result = yubikey::piv::decrypt_data(&mut yk, &encrypted_data,
AlgorithmId::Rsa2048, slot_id);
let decrypted_data = opt_result!(decrypt_result, "Decrypt data failed: {}");
let decrypted_data_bytes = decrypted_data.as_slice();
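Review bot: The `--pin` argument in `subcommand()` still carries `.default_value("123456")`, so `value_of("pin")` is never `None`, the `"User pin must be assigned"` check in the third hunk can never fire, and a run without `--pin` goes straight to `yk.verify_pin` with the factory PIN. On a key whose PIN has been changed that presumably costs one PIN retry per invocation, and the help text `"OpenPGP card user pin"` names the wrong applet for a PIV command. I would drop the default and fix the label: `.arg(Arg::with_name("pin").short("p").long("pin").takes_value(true).help("PIV user PIN"))`. A PIN passed on the command line also ends up in shell history and the process list, so a prompt or a read from stdin would be the safer input path. Both lines are unchanged context in this commit, and the function body around the third hunk starts and ends outside it.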