feat: v1.0.7, offline init support yubikey

Cargo.lock

@@ -1007,7 +1007,7 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
 
 [[package]]
 name = "local-mini-kms"
-version = "1.0.6"
+version = "1.0.7"
 dependencies = [
  "aes-gcm-stream",
  "aes-kw",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "local-mini-kms"
-version = "1.0.6"
+version = "1.0.7"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

src/cli.rs

@@ -6,7 +6,7 @@ use clap::{App, Arg, ArgMatches, SubCommand};
 use hyper::body::Buf;
 use hyper::{Body, Client, Method, Request, Response, StatusCode};
 use rust_util::util_clap::{Command, CommandError};
-use rust_util::{debugging, opt_value_result, simple_error, success, XResult};
+use rust_util::{debugging, opt_result, opt_value_result, simple_error, success, XResult};
 use serde_json::{json, Map, Value};
 
 use crate::jose;
@@ -205,6 +205,19 @@ fn do_offline_init(_arg_matches: &ArgMatches<'_>, _sub_arg_matches: &ArgMatches<
     } else if line.starts_with("base64:") {
         let base64: String = line.chars().skip(7).collect();
         STANDARD.decode(&base64)?
+    } else if line.starts_with("LKMS:")   {
+        #[cfg(feature = "yubikey")]
+        {
+            use crate::yubikey_hmac;
+            // Yubikey Hmac encrypted key
+            let challenge = opt_result!(
+                pinentry_util::read_pin(Some("Input yubikey challenge"), Some("Challenge: ")), "Read challenge failed: {}");
+            let derived_key = yubikey_hmac::yubikey_challenge_as_32_bytes(challenge.get_pin().as_bytes())?;
+            let (key, _) = jose::deserialize_jwe_aes(&line, &derived_key)?;
+            key
+        }
+        #[cfg(not(feature = "yubikey"))]
+        return simple_error!("Yubikey feature is not enabled.");
     } else {
         line.as_bytes().to_vec()
     };