summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/device.rs11
-rw-r--r--tests/device.rs2
2 files changed, 11 insertions, 2 deletions
diff --git a/src/device.rs b/src/device.rs
index aaf6283..78d0d82 100644
--- a/src/device.rs
+++ b/src/device.rs
@@ -515,6 +515,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
///
/// This commands performs a factory reset on the smart card (like the factory reset via `gpg
/// --card-edit`) and then clears the flash memory (password safe, one-time passwords etc.).
+ /// After a factory reset, [`build_aes_key`][] has to be called before the password safe or the
+ /// encrypted volume can be used.
///
/// # Errors
///
@@ -536,6 +538,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
/// # Ok(())
/// # }
/// ```
+ ///
+ /// [`build_aes_key`]: #method.build_aes_key
fn factory_reset(&self, admin_pin: &str) -> Result<(), CommandError> {
let admin_pin_string = get_cstring(admin_pin)?;
unsafe { get_command_result(nitrokey_sys::NK_factory_reset(admin_pin_string.as_ptr())) }
@@ -544,8 +548,9 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
/// Builds a new AES key on the Nitrokey.
///
/// The AES key is used to encrypt the password safe and the encrypted volume. You may need
- /// to call this method after a factory reset using `gpg --card-edit`. You can also use it to
- /// destory the data stored in the password safe or on the encrypted volume.
+ /// to call this method after a factory reset, either using [`factory_reset`][] or using `gpg
+ /// --card-edit`. You can also use it to destory the data stored in the password safe or on
+ /// the encrypted volume.
///
/// # Errors
///
@@ -567,6 +572,8 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
/// # Ok(())
/// # }
/// ```
+ ///
+ /// [`factory_reset`]: #method.factory_reset
fn build_aes_key(&self, admin_pin: &str) -> Result<(), CommandError> {
let admin_pin_string = get_cstring(admin_pin)?;
unsafe { get_command_result(nitrokey_sys::NK_build_aes_key(admin_pin_string.as_ptr())) }
diff --git a/tests/device.rs b/tests/device.rs
index 06e014e..0ad4987 100644
--- a/tests/device.rs
+++ b/tests/device.rs
@@ -344,6 +344,8 @@ fn factory_reset() {
assert_ne!("test".to_string(), pws.get_slot_name(0).unwrap());
assert_ne!("testlogin".to_string(), pws.get_slot_login(0).unwrap());
assert_ne!("testpw".to_string(), pws.get_slot_password(0).unwrap());
+
+ assert_eq!(Ok(()), device.build_aes_key(ADMIN_PASSWORD));
}
#[test]