Add Device::build_aes_key method

This patch adds the build_aes_key method to the Device trait that uses
the NK_build_aes_key function to build new AES keys on the device.  This
effectively resets the password safe and the encrypted storage.  It is
unclear whether other data (e. g. the one-time passwords) are affected
too.

1 files changed, 6 insertions, 0 deletions

diff --git a/src/pws.rs b/src/pws.rs
index c20ad1d..ebd5fcd 100644
--- a/src/pws.rs
+++ b/src/pws.rs
@@ -71,6 +71,11 @@ pub trait GetPasswordSafe {
     /// has been used.  Otherwise, other applications can access the password store without
     /// authentication.
     ///
+    /// If this method returns an `AesDecryptionFailed` (Nitrokey Pro) or `Unknown` (Nitrokey
+    /// Storage) error, the AES data object on the smart card could not be accessed.  This problem
+    /// occurs after a factory reset using `gpg --card-edit` and can be fixed using the
+    /// [`Device::build_aes_key`][] command.
+    ///
     /// # Errors
     ///
     /// - [`AesDecryptionFailed`][] if the secret for the password safe could not be decrypted
@@ -104,6 +109,7 @@ pub trait GetPasswordSafe {
     /// [`device`]: struct.PasswordSafe.html#method.device
     /// [`lock`]: trait.Device.html#method.lock
     /// [`AesDecryptionFailed`]: enum.CommandError.html#variant.AesDecryptionFailed
+    /// [`Device::build_aes_key`]: trait.Device.html#method.build_aes_key
     /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString
     /// [`Unknown`]: enum.CommandError.html#variant.Unknown
     /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword