Struct openpgp_card_sequoia::Card
pub struct Card<S> where S: State { /* private fields */ }
Representation of an OpenPGP card.
A card transitions between States by starting a transaction (that groups together a number of operations into an atomic sequence) and via PIN presentation.
Depending on the State of the card, and the access privileges that are associated with that state, different operations can be performed. In many cases, client software will want to transition between states while performing one activity for the user.
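The state flow described above, as an added, simplified model that is not the crate's own code: the type and method names mirror signatures listed on this page, while the bodies, the constructed PIN, the retry counter and retries_left() are assumptions for illustration.

```rust
// Added model, not openpgp-card-sequoia code: names mirror the page's
// signatures; bodies, PIN values and the retry counter are assumptions.
pub struct Card<S> { state: S }
pub struct Open { pin: Vec<u8>, retries: u8 }
pub struct Transaction<'a> { hw: &'a mut Open, user_verified: bool }
pub struct User<'a, 'b> { tx: &'b mut Card<Transaction<'a>> }

impl Card<Open> {
    pub fn new(pin: &[u8]) -> Self {
        Card { state: Open { pin: pin.to_vec(), retries: 3 } }
    }
    // Exclusive borrow: no other handle can use the card mid-transaction.
    pub fn transaction(&mut self) -> Card<Transaction<'_>> {
        Card { state: Transaction { hw: &mut self.state, user_verified: false } }
    }
}

impl<'a> Card<Transaction<'a>> {
    pub fn verify_user(&mut self, pin: &[u8]) -> Result<(), String> {
        let hw = &mut *self.state.hw;
        if hw.retries == 0 {
            return Err("user PIN blocked".into());
        }
        if pin != hw.pin.as_slice() {
            hw.retries -= 1; // a failed presentation costs one try
            return Err(format!("wrong PIN, {} tries left", hw.retries));
        }
        hw.retries = 3;
        self.state.user_verified = true;
        Ok(())
    }
    // The privileged view exists only after successful PIN presentation.
    pub fn user_card<'b>(&'b mut self) -> Option<Card<User<'a, 'b>>> {
        if self.state.user_verified { Some(Card { state: User { tx: self } }) } else { None }
    }
}

impl Card<User<'_, '_>> {
    // Hypothetical stand-in for a user-level operation.
    pub fn retries_left(&self) -> u8 { self.state.tx.state.hw.retries }
}

fn main() {
    let mut card = Card::new(b"123456"); // constructed PIN
    let mut tx = card.transaction();
    assert!(tx.user_card().is_none()); // no PIN presented yet
    assert!(tx.verify_user(b"000000").is_err());
    tx.verify_user(b"123456").unwrap();
    println!("tries left: {}", tx.user_card().unwrap().retries_left());
}
```

Because user-level operations are only defined on Card<User>, code that skips PIN verification has no value to call them on; the check is enforced by the type system rather than by convention.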
Implementations
impl Card<Open>
pub fn transaction(&mut self) -> Result<Card<Transaction<'_>>, Error>
impl<'a> Card<Transaction<'a>>
pub fn new(opt: OpenPgpTransaction<'a>) -> Result<Self, Error>
Do not use!
FIXME: this interface is currently used in card-functionality, for testing.
It will be removed.
pub fn reload_ard(&mut self) -> Result<(), Error>
Replace cached “application related data” in this instance of Open with the current data on the card.
This is needed e.g. after importing or generating keys on a card, to see these changes reflected in self.ard.
pub fn feature_pinpad_verify(&mut self) -> bool
pub fn feature_pinpad_modify(&mut self) -> bool
pub fn verify_user(&mut self, pin: &[u8]) -> Result<(), Error>
pub fn verify_user_pinpad( &mut self, pinpad_prompt: &dyn Fn() ) -> Result<(), Error>
pub fn verify_user_for_signing(&mut self, pin: &[u8]) -> Result<(), Error>
pub fn verify_user_for_signing_pinpad( &mut self, pinpad_prompt: &dyn Fn() ) -> Result<(), Error>
pub fn verify_admin(&mut self, pin: &[u8]) -> Result<(), Error>
pub fn verify_admin_pinpad( &mut self, pinpad_prompt: &dyn Fn() ) -> Result<(), Error>
pub fn check_user_verified(&mut self) -> Result<(), Error>
Ask the card if the user password has been successfully verified.
NOTE: on some cards this functionality seems broken.
pub fn check_admin_verified(&mut self) -> Result<(), Error>
Ask the card if the admin password has been successfully verified.
NOTE: on some cards this functionality seems broken.
pub fn change_user_pin(&mut self, old: &[u8], new: &[u8]) -> Result<(), Error>
pub fn change_user_pin_pinpad( &mut self, pinpad_prompt: &dyn Fn() ) -> Result<(), Error>
pub fn reset_user_pin(&mut self, rst: &[u8], new: &[u8]) -> Result<(), Error>
pub fn change_admin_pin(&mut self, old: &[u8], new: &[u8]) -> Result<(), Error>
pub fn change_admin_pin_pinpad( &mut self, pinpad_prompt: &dyn Fn() ) -> Result<(), Error>
pub fn user_card<'b>(&'b mut self) -> Option<Card<User<'a, 'b>>>
Get a view of the card authenticated for “User” commands.
pub fn signing_card<'b>(&'b mut self) -> Option<Card<Sign<'a, 'b>>>
Get a view of the card authenticated for Signing.
pub fn admin_card<'b>(&'b mut self) -> Option<Card<Admin<'a, 'b>>>
Get a view of the card authenticated for “Admin” commands.
pub fn application_identifier(&self) -> Result<ApplicationIdentifier, Error>
pub fn historical_bytes(&self) -> Result<HistoricalBytes, Error>
pub fn extended_length_information( &self ) -> Result<Option<ExtendedLengthInfo>, Error>
pub fn extended_capabilities(&self) -> Result<ExtendedCapabilities, Error>
pub fn algorithm_attributes(&self, key_type: KeyType) -> Result<Algo, Error>
pub fn pw_status_bytes(&self) -> Result<PWStatusBytes, Error>
PW status Bytes
pub fn fingerprints(&self) -> Result<KeySet<Fingerprint>, Error>
pub fn ca_fingerprints(&self) -> Result<[Option<Fingerprint>; 3], Error>
pub fn key_generation_times(&self) -> Result<KeySet<KeyGenerationTime>, Error>
pub fn key_information(&self) -> Result<Option<KeyInformation>, Error>
pub fn uif_signing(&self) -> Result<Option<UIF>, Error>
pub fn uif_decryption(&self) -> Result<Option<UIF>, Error>
pub fn uif_authentication(&self) -> Result<Option<UIF>, Error>
pub fn uif_attestation(&self) -> Result<Option<UIF>, Error>
pub fn login_data(&mut self) -> Result<String, Error>
pub fn url(&mut self) -> Result<String, Error>
Get “cardholder” URL from the card.
“The URL should contain a link to a set of public keys in OpenPGP format, related to the card.”
pub fn cardholder_name(&mut self) -> Result<Option<String>, Error>
Get cardholder name as a String (this also normalizes the “<” and “<<” filler chars)
pub fn security_support_template( &mut self ) -> Result<SecuritySupportTemplate, Error>
pub fn select_data( &mut self, num: u8, tag: &[u8], yk_workaround: bool ) -> Result<(), Error>
SELECT DATA (“select a DO in the current template”).
pub fn cardholder_certificate(&mut self) -> Result<Vec<u8>, Error>
Get cardholder certificate.
Call select_data() before calling this fn to select a particular certificate (if the card supports multiple certificates).
pub fn next_cardholder_certificate(&mut self) -> Result<Vec<u8>, Error>
“GET NEXT DATA” for the DO cardholder certificate.
Cardholder certificate data for multiple slots can be read from the card by first calling cardholder_certificate(), followed by up to two calls to next_cardholder_certificate().
pub fn algorithm_information(&mut self) -> Result<Option<AlgoInfo>, Error>
pub fn manage_security_environment( &mut self, for_operation: KeyType, key_ref: KeyType ) -> Result<(), Error>
“MANAGE SECURITY ENVIRONMENT”
Make key_ref usable for the operation normally done by the key designated by for_operation.
pub fn attestation_certificate(&mut self) -> Result<Vec<u8>, Error>
Get “Attestation Certificate (Yubico)”
pub fn attestation_key_fingerprint( &mut self ) -> Result<Option<Fingerprint>, Error>
pub fn attestation_key_algorithm_attributes( &mut self ) -> Result<Option<Algo>, Error>
pub fn attestation_key_generation_time( &mut self ) -> Result<Option<KeyGenerationTime>, Error>
pub fn firmware_version(&mut self) -> Result<Vec<u8>, Error>
Firmware Version, YubiKey specific (?)
pub fn set_identity(&mut self, id: u8) -> Result<(), Error>
Set “identity”, Nitrokey Start specific (possible values: 0, 1, 2). https://docs.nitrokey.com/start/windows/multiple-identities.html
A Nitrokey Start can present as 3 different virtual OpenPGP cards. This command enables one of those virtual cards.
Each virtual card identity behaves like a separate, independent OpenPGP card.
pub fn public_key_material( &mut self, key_type: KeyType ) -> Result<PublicKeyMaterial, Error>
pub fn factory_reset(&mut self) -> Result<(), Error>
Delete all state on this OpenPGP card
impl<'app, 'open> Card<User<'app, 'open>>
pub fn decryptor( &mut self, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> Result<CardDecryptor<'_, 'app>, Error>
pub fn decryptor_from_public( &mut self, pubkey: PublicKey, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> CardDecryptor<'_, 'app>
pub fn authenticator( &mut self, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> Result<CardSigner<'_, 'app>, Error>
pub fn authenticator_from_public( &mut self, pubkey: PublicKey, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> CardSigner<'_, 'app>
impl<'app, 'open> Card<Sign<'app, 'open>>
impl<'app, 'open> Card<Admin<'app, 'open>>
pub fn as_open(&mut self) -> &mut Card<Transaction<'app>>
impl Card<Admin<'_, '_>>
pub fn set_name(&mut self, name: &str) -> Result<(), Error>
pub fn set_lang(&mut self, lang: &[Lang]) -> Result<(), Error>
pub fn set_sex(&mut self, sex: Sex) -> Result<(), Error>
pub fn set_login_data(&mut self, login_data: &str) -> Result<(), Error>
pub fn set_url(&mut self, url: &str) -> Result<(), Error>
Set “cardholder” URL on the card.
“The URL should contain a link to a set of public keys in OpenPGP format, related to the card.”
pub fn set_uif( &mut self, key: KeyType, policy: TouchPolicy ) -> Result<(), Error>
pub fn set_resetting_code(&mut self, pin: &[u8]) -> Result<(), Error>
pub fn set_pso_enc_dec_key(&mut self, key: &[u8]) -> Result<(), Error>
pub fn reset_user_pin(&mut self, new: &[u8]) -> Result<(), Error>
pub fn upload_key( &mut self, vka: ValidErasedKeyAmalgamation<'_, SecretParts>, key_type: KeyType, password: Option<String> ) -> Result<(), Error>
Upload a ValidErasedKeyAmalgamation to the card as a specific KeyType.
(The caller needs to make sure that vka is suitable as key_type.)