hatter/tiny-encrypt-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.7.3, supports pinentry

Browse Source
This commit is contained in:
Hatter Jiang
2024-01-10 00:44:27 +08:00
parent 2bcb0fe5c4
commit 2bf0614854
3 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/cmd_decrypt.rs
View File

@@ -488,7 +488,7 @@ fn try_decrypt_piv_key_ecdh(config: &Option<TinyEncryptConfig>,
SubjectPublicKeyInfo::from_der(&e_pub_key_bytes), "Invalid envelop: {}"); SubjectPublicKeyInfo::from_der(&e_pub_key_bytes), "Invalid envelop: {}");
let slot = util_piv::read_piv_slot(config, &envelop.kid, slot)?; let slot = util_piv::read_piv_slot(config, &envelop.kid, slot)?;
let pin = util::read_pin(pin); let pin = util::read_pin(pin)?;
let epk_bytes = subject_public_key_info.subject_public_key.as_ref(); let epk_bytes = subject_public_key_info.subject_public_key.as_ref();
let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}"); let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
@@ -518,7 +518,7 @@ fn try_decrypt_piv_key_rsa(config: &Option<TinyEncryptConfig>,
let encrypted_key_bytes = opt_result!(util::decode_base64(&envelop.encrypted_key), "Decode encrypt key failed: {}"); let encrypted_key_bytes = opt_result!(util::decode_base64(&envelop.encrypted_key), "Decode encrypt key failed: {}");
let slot = util_piv::read_piv_slot(config, &envelop.kid, slot)?; let slot = util_piv::read_piv_slot(config, &envelop.kid, slot)?;
let pin = util::read_pin(pin); let pin = util::read_pin(pin)?;
let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}"); let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
let slot_id = util_piv::get_slot_id(&slot)?; let slot_id = util_piv::get_slot_id(&slot)?;

16
src/util.rs
View File

@@ -28,8 +28,8 @@ impl AsRef<[u8]> for SecVec {
} }
} }
pub fn read_pin(pin: &Option<String>) -> String { pub fn read_pin(pin: &Option<String>) -> XResult<String> {
match pin { let rpin = match pin {
Some(pin) => pin.to_string(), Some(pin) => pin.to_string(),
None => if !util_env::get_no_default_pin_hint() && util_term::read_yes_no("Use default PIN 123456, please confirm") { None => if !util_env::get_no_default_pin_hint() && util_term::read_yes_no("Use default PIN 123456, please confirm") {
"123456".into() "123456".into()
@@ -37,18 +37,18 @@ pub fn read_pin(pin: &Option<String>) -> String {
let pin_entry = util_env::get_pin_entry().unwrap_or_else(|| "pinentry".to_string()); let pin_entry = util_env::get_pin_entry().unwrap_or_else(|| "pinentry".to_string());
if let Some(mut input) = PassphraseInput::with_binary(pin_entry) { if let Some(mut input) = PassphraseInput::with_binary(pin_entry) {
let secret = input let secret = input
.with_description("Enter new passphrase for FooBar") .with_description("Please input your PIN.")
.with_prompt("Passphrase:") .with_prompt("PIN:")
.with_confirmation("Confirm passphrase:", "Passphrases do not match")
.interact(); .interact();
secret.expect("Read PIN from pinentry failed") opt_result!(secret, "Read PIN from pinentry failed: {}")
.expose_secret() .expose_secret()
.to_string() .to_string()
} else { } else {
rpassword::prompt_password("Please input PIN: ").expect("Read PIN failed") opt_result!(rpassword::prompt_password("Please input PIN: "), "Read PIN failed: {}")
} }
} }
} };
Ok(rpin)
} }
pub fn remove_file_with_msg(path: &PathBuf) { pub fn remove_file_with_msg(path: &PathBuf) {

2
src/util_pgp.rs
View File

@@ -5,7 +5,7 @@ use rust_util::{failure, opt_result, opt_value_result, simple_error, success, wa
use crate::util; use crate::util;
pub fn read_and_verify_openpgp_pin(trans: &mut OpenPgpTransaction, pin: &Option<String>) -> XResult<()> { pub fn read_and_verify_openpgp_pin(trans: &mut OpenPgpTransaction, pin: &Option<String>) -> XResult<()> {
let pin = util::read_pin(pin); let pin = util::read_pin(pin)?;
if let Err(e) = trans.verify_pw1_user(pin.as_ref()) { if let Err(e) = trans.verify_pw1_user(pin.as_ref()) {
failure!("Verify user pin failed: {}", e); failure!("Verify user pin failed: {}", e);
return simple_error!("User pin verify failed: {}", e); return simple_error!("User pin verify failed: {}", e);