Struct openpgp_card_sequoia::Card

pub struct Card<S>where
    S: State,{ /* private fields */ }

Representation of an OpenPGP card.

A card transitions between States by starting a transaction (that groups together a number of operations into an atomic sequence) and via PIN presentation.

Depending on the State of the card, and the access privileges that are associated with that state, different operations can be performed. In many cases, client software will want to transition between states while performing one activity for the user.

Implementations

impl Card<Open>

pub fn transaction(&mut self) -> Result<Card<Transaction<'_>>, Error>

pub fn into_card(self) -> Box<dyn CardBackend + Send + Sync>

Get the internal CardBackend.

This is useful to perform operations on the card with a different crate, e.g. yubikey-management.

impl<'a> Card<Transaction<'a>>

pub fn new(opt: OpenPgpTransaction<'a>) -> Result<Self, Error>

Do not use!

FIXME: this interface is currently used in card-functionality, for testing. It will be removed.

pub fn reload_ard(&mut self) -> Result<(), Error>

Replace cached “application related data” in this instance of Open with the current data on the card.

This is needed e.g. after importing or generating keys on a card, to see these changes reflected in self.ard.

pub fn feature_pinpad_verify(&mut self) -> bool

pub fn feature_pinpad_modify(&mut self) -> bool

pub fn verify_user(&mut self, pin: &[u8]) -> Result<(), Error>

pub fn verify_user_pinpad( &mut self, pinpad_prompt: &dyn Fn() ) -> Result<(), Error>

pub fn verify_user_for_signing(&mut self, pin: &[u8]) -> Result<(), Error>

pub fn verify_user_for_signing_pinpad( &mut self, pinpad_prompt: &dyn Fn() ) -> Result<(), Error>

pub fn verify_admin(&mut self, pin: &[u8]) -> Result<(), Error>

pub fn verify_admin_pinpad( &mut self, pinpad_prompt: &dyn Fn() ) -> Result<(), Error>

pub fn check_user_verified(&mut self) -> Result<(), Error>

Ask the card if the user password has been successfully verified.

NOTE: on some cards this functionality seems broken.

pub fn check_admin_verified(&mut self) -> Result<(), Error>

Ask the card if the admin password has been successfully verified.

NOTE: on some cards this functionality seems broken.

pub fn change_user_pin(&mut self, old: &[u8], new: &[u8]) -> Result<(), Error>

pub fn change_user_pin_pinpad( &mut self, pinpad_prompt: &dyn Fn() ) -> Result<(), Error>

pub fn reset_user_pin(&mut self, rst: &[u8], new: &[u8]) -> Result<(), Error>

pub fn change_admin_pin(&mut self, old: &[u8], new: &[u8]) -> Result<(), Error>

pub fn change_admin_pin_pinpad( &mut self, pinpad_prompt: &dyn Fn() ) -> Result<(), Error>

pub fn user_card<'b>(&'b mut self) -> Option<Card<User<'a, 'b>>>

Get a view of the card authenticated for “User” commands.

pub fn signing_card<'b>(&'b mut self) -> Option<Card<Sign<'a, 'b>>>

Get a view of the card authenticated for Signing.

pub fn admin_card<'b>(&'b mut self) -> Option<Card<Admin<'a, 'b>>>

Get a view of the card authenticated for “Admin” commands.

pub fn application_identifier(&self) -> Result<ApplicationIdentifier, Error>

pub fn historical_bytes(&self) -> Result<HistoricalBytes, Error>

pub fn extended_length_information( &self ) -> Result<Option<ExtendedLengthInfo>, Error>

pub fn extended_capabilities(&self) -> Result<ExtendedCapabilities, Error>

pub fn algorithm_attributes(&self, key_type: KeyType) -> Result<Algo, Error>

pub fn pw_status_bytes(&self) -> Result<PWStatusBytes, Error>

PW status Bytes

pub fn fingerprints(&self) -> Result<KeySet<Fingerprint>, Error>

pub fn ca_fingerprints(&self) -> Result<[Option<Fingerprint>; 3], Error>

pub fn key_generation_times(&self) -> Result<KeySet<KeyGenerationTime>, Error>

pub fn key_information(&self) -> Result<Option<KeyInformation>, Error>

pub fn uif_signing(&self) -> Result<Option<UIF>, Error>

pub fn uif_decryption(&self) -> Result<Option<UIF>, Error>

pub fn uif_authentication(&self) -> Result<Option<UIF>, Error>

pub fn uif_attestation(&self) -> Result<Option<UIF>, Error>

pub fn login_data(&mut self) -> Result<String, Error>

pub fn url(&mut self) -> Result<String, Error>

Get “hardholder” URL from the card.

“The URL should contain a link to a set of public keys in OpenPGP format, related to the card.”

pub fn cardholder_related_data( &mut self ) -> Result<CardholderRelatedData, Error>

pub fn cardholder_name(&mut self) -> Result<Option<String>, Error>

Get cardholder name as a String (this also normalizes the “<” and “<<” filler chars)

pub fn security_support_template( &mut self ) -> Result<SecuritySupportTemplate, Error>

pub fn select_data( &mut self, num: u8, tag: &[u8], yk_workaround: bool ) -> Result<(), Error>

SELECT DATA (“select a DO in the current template”).

pub fn cardholder_certificate(&mut self) -> Result<Vec<u8>, Error>

Get cardholder certificate.

Call select_data() before calling this fn to select a particular certificate (if the card supports multiple certificates).

pub fn next_cardholder_certificate(&mut self) -> Result<Vec<u8>, Error>

“GET NEXT DATA” for the DO cardholder certificate.

Cardholder certificate data for multiple slots can be read from the card by first calling cardholder_certificate(), followed by up to two calls to next_cardholder_certificate().

pub fn algorithm_information(&mut self) -> Result<Option<AlgoInfo>, Error>

pub fn manage_security_environment( &mut self, for_operation: KeyType, key_ref: KeyType ) -> Result<(), Error>

“MANAGE SECURITY ENVIRONMENT” Make key_ref usable for the operation normally done by the key designated by for_operation

pub fn attestation_certificate(&mut self) -> Result<Vec<u8>, Error>

Get “Attestation Certificate (Yubico)”

pub fn attestation_key_fingerprint( &mut self ) -> Result<Option<Fingerprint>, Error>

pub fn attestation_key_algorithm_attributes( &mut self ) -> Result<Option<Algo>, Error>

pub fn attestation_key_generation_time( &mut self ) -> Result<Option<KeyGenerationTime>, Error>

pub fn firmware_version(&mut self) -> Result<Vec<u8>, Error>

Firmware Version, YubiKey specific (?)

pub fn set_identity(&mut self, id: u8) -> Result<(), Error>

Set “identity”, Nitrokey Start specific (possible values: 0, 1, 2). https://docs.nitrokey.com/start/windows/multiple-identities.html

A Nitrokey Start can present as 3 different virtual OpenPGP cards. This command enables one of those virtual cards.

Each virtual card identity behaves like a separate, independent OpenPGP card.

pub fn public_key_material( &mut self, key_type: KeyType ) -> Result<PublicKeyMaterial, Error>

pub fn factory_reset(&mut self) -> Result<(), Error>

Delete all state on this OpenPGP card

pub fn public_key(&mut self, kt: KeyType) -> Result<Option<PublicKey>, Error>

Get PublicKey representation for a key slot on the card

impl<'app, 'open> Card<User<'app, 'open>>

pub fn decryptor( &mut self, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> Result<CardDecryptor<'_, 'app>, Error>

pub fn decryptor_from_public( &mut self, pubkey: PublicKey, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> CardDecryptor<'_, 'app>

pub fn authenticator( &mut self, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> Result<CardSigner<'_, 'app>, Error>

pub fn authenticator_from_public( &mut self, pubkey: PublicKey, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> CardSigner<'_, 'app>

impl<'app, 'open> Card<Sign<'app, 'open>>

pub fn signer( &mut self, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> Result<CardSigner<'_, 'app>, Error>

pub fn signer_from_public( &mut self, pubkey: PublicKey, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> CardSigner<'_, 'app>

pub fn generate_attestation( &mut self, key_type: KeyType, touch_prompt: &'open (dyn Fn() + Send + Sync) ) -> Result<(), Error>

Generate Attestation (Yubico)

impl<'app, 'open> Card<Admin<'app, 'open>>

pub fn as_open(&mut self) -> &mut Card<Transaction<'app>>

impl Card<Admin<'_, '_>>

pub fn set_name(&mut self, name: &str) -> Result<(), Error>

pub fn set_lang(&mut self, lang: &[Lang]) -> Result<(), Error>

pub fn set_sex(&mut self, sex: Sex) -> Result<(), Error>

pub fn set_login_data(&mut self, login_data: &str) -> Result<(), Error>

pub fn set_url(&mut self, url: &str) -> Result<(), Error>

Set “hardholder” URL on the card.

“The URL should contain a link to a set of public keys in OpenPGP format, related to the card.”

pub fn set_uif( &mut self, key: KeyType, policy: TouchPolicy ) -> Result<(), Error>

pub fn set_resetting_code(&mut self, pin: &[u8]) -> Result<(), Error>

pub fn set_pso_enc_dec_key(&mut self, key: &[u8]) -> Result<(), Error>

pub fn reset_user_pin(&mut self, new: &[u8]) -> Result<(), Error>

pub fn upload_key( &mut self, vka: ValidErasedKeyAmalgamation<'_, SecretParts>, key_type: KeyType, password: Option<String> ) -> Result<(), Error>

Upload a ValidErasedKeyAmalgamation to the card as a specific KeyType.

(The caller needs to make sure that vka is suitable as key_type)

pub fn generate_key_simple( &mut self, key_type: KeyType, algo: Option<AlgoSimple> ) -> Result<(PublicKeyMaterial, KeyGenerationTime), Error>

Trait Implementations

impl<B> From<B> for Card<Open>where B: Into<Box<dyn CardBackend + Send + Sync>>,

fn from(backend: B) -> Self

Converts to this type from the input type.