Struct nitrokey::Storage

pub struct Storage {}

A Nitrokey Storage device without user or admin authentication.

Use the global function connect to obtain an instance wrapper or the method connect to directly obtain an instance. If you want to execute a command that requires user or admin authentication, use authenticate_admin or authenticate_user.

Examples

Authentication with error handling:

use nitrokey::{Authenticate, User, Storage};

fn perform_user_task(device: &User<Storage>) {}
fn perform_other_task(device: &Storage) {}

let device = nitrokey::Storage::connect()?;
let device = match device.authenticate_user("123456") {
    Ok(user) => {
        perform_user_task(&user);
        user.device()
    },
    Err((device, err)) => {
        println!("Could not authenticate as user: {}", err);
        device
    },
};
perform_other_task(&device);

Implementations

impl Storage

pub fn connect() -> Result<Storage, CommandError>

pub fn enable_encrypted_volume(&self, user_pin: &str) -> Result<(), CommandError>

Enables the encrypted storage volume.

Once the encrypted volume is enabled, it is presented to the operating system as a block device. The API does not provide any information on the name or path of this block device.

Errors

• InvalidString if the provided password contains a null byte
• WrongPassword if the provided user password is wrong

Example

let device = nitrokey::Storage::connect()?;
match device.enable_encrypted_volume("123456") {
    Ok(()) => println!("Enabled the encrypted volume."),
    Err(err) => println!("Could not enable the encrypted volume: {}", err),
};

pub fn disable_encrypted_volume(&self) -> Result<(), CommandError>

Disables the encrypted storage volume.

Once the volume is disabled, it can be no longer accessed as a block device. If the encrypted volume has not been enabled, this method still returns a success.

Example

fn use_volume() {}

let device = nitrokey::Storage::connect()?;
match device.enable_encrypted_volume("123456") {
    Ok(()) => {
        println!("Enabled the encrypted volume.");
        use_volume();
        match device.disable_encrypted_volume() {
            Ok(()) => println!("Disabled the encrypted volume."),
            Err(err) => {
                println!("Could not disable the encrypted volume: {}", err);
            },
        };
    },
    Err(err) => println!("Could not enable the encrypted volume: {}", err),
};

pub fn get_status(&self) -> Result<StorageStatus, CommandError>

Returns the status of the connected storage device.

Example

fn use_volume() {}

let device = nitrokey::Storage::connect()?;
match device.get_status() {
    Ok(status) => {
        println!("SD card ID: {:#x}", status.serial_number_sd_card);
    },
    Err(err) => println!("Could not get Storage status: {}", err),
};

Trait Implementations

impl Authenticate for Storage

fn authenticate_user(
    self,
    password: &str
) -> Result<User<Self>, (Self, CommandError)>

Performs user authentication. This method consumes the device. If successful, an authenticated device is returned. Otherwise, the current unauthenticated device and the error are returned.

fn authenticate_admin(
    self,
    password: &str
) -> Result<Admin<Self>, (Self, CommandError)>

Performs admin authentication. This method consumes the device. If successful, an authenticated device is returned. Otherwise, the current unauthenticated device and the error are returned.

impl Debug for Storage

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Device for Storage

fn get_serial_number(&self) -> Result<String, CommandError>

Returns the serial number of the Nitrokey device. The serial number is the string representation of a hex number.

fn get_user_retry_count(&self) -> u8

Returns the number of remaining authentication attempts for the user. The total number of available attempts is three.

fn get_admin_retry_count(&self) -> u8

Returns the number of remaining authentication attempts for the admin. The total number of available attempts is three.

fn get_major_firmware_version(&self) -> i32

Returns the major part of the firmware version (should be zero).

fn get_minor_firmware_version(&self) -> i32

Returns the minor part of the firmware version (for example 8 for version 0.8).

fn get_config(&self) -> Result<Config, CommandError>

Returns the current configuration of the Nitrokey device.

fn change_admin_pin(&self, current: &str, new: &str) -> Result<(), CommandError>

Changes the administrator PIN.

fn change_user_pin(&self, current: &str, new: &str) -> Result<(), CommandError>

Changes the user PIN.

fn unlock_user_pin(
    &self,
    admin_pin: &str,
    user_pin: &str
) -> Result<(), CommandError>

Unlocks the user PIN after three failed login attempts and sets it to the given value.

fn lock(&self) -> Result<(), CommandError>

Locks the Nitrokey device.

impl Drop for Storage

fn drop(&mut self)

Executes the destructor for this type.

impl GenerateOtp for Storage

fn set_time(&self, time: u64) -> Result<(), CommandError>

Sets the time on the Nitrokey. This command may set the time to arbitrary values. time is the number of seconds since January 1st, 1970 (Unix timestamp).

fn get_hotp_slot_name(&self, slot: u8) -> Result<String, CommandError>

Returns the name of the given HOTP slot.

fn get_totp_slot_name(&self, slot: u8) -> Result<String, CommandError>

Returns the name of the given TOTP slot.

fn get_hotp_code(&self, slot: u8) -> Result<String, CommandError>

Generates an HOTP code on the given slot. This operation may require user authorization, depending on the device configuration (see get_config).

fn get_totp_code(&self, slot: u8) -> Result<String, CommandError>

Generates a TOTP code on the given slot. This operation may require user authorization, depending on the device configuration (see get_config).

impl GetPasswordSafe for Storage

fn get_password_safe(
    &self,
    user_pin: &str
) -> Result<PasswordSafe<'_>, CommandError>

Enables and returns the password safe.