From 616f84c13a4e676d3e2f870533fb1b8778c5f614 Mon Sep 17 00:00:00 2001
From: Robin Krahl
Date: Thu, 3 Jan 2019 17:04:50 +0000
Subject: Add Device::build_aes_key method

This patch adds the build_aes_key method to the Device trait that uses the NK_build_aes_key function to build new AES keys on the device. This effectively resets the password safe and the encrypted storage. It is unclear whether other data (e. g. the one-time passwords) are affected too.
---
 src/pws.rs | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'src/pws.rs')
diff --git a/src/pws.rs b/src/pws.rs
index c20ad1d..ebd5fcd 100644
--- a/src/pws.rs
+++ b/src/pws.rs
@@ -71,6 +71,11 @@ pub trait GetPasswordSafe {
 /// has been used. Otherwise, other applications can access the password store without
 /// authentication.
 ///
+ /// If this method returns an `AesDecryptionFailed` (Nitrokey Pro) or `Unknown` (Nitrokey
+ /// Storage) error, the AES data object on the smart card could not be accessed. This problem
+ /// occurs after a factory reset using `gpg --card-edit` and can be fixed using the
+ /// [`Device::build_aes_key`][] command.
+ ///
+ /// # Errors
 ///
 /// - [`AesDecryptionFailed`][] if the secret for the password safe could not be decrypted
@@ -104,6 +109,7 @@ pub trait GetPasswordSafe {
 /// [`device`]: struct.PasswordSafe.html#method.device
 /// [`lock`]: trait.Device.html#method.lock
 /// [`AesDecryptionFailed`]: enum.CommandError.html#variant.AesDecryptionFailed
+ /// [`Device::build_aes_key`]: trait.Device.html#method.build_aes_key
 /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString
 /// [`Unknown`]: enum.CommandError.html#variant.Unknown
 /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
-- 
cgit v1.2.1
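Review bot: The paragraph added in the first hunk (`@@ -71,6 +71,11 @@`) recommends `Device::build_aes_key` as the fix for an `AesDecryptionFailed` or `Unknown` error without saying that the call is destructive. The commit description itself states that building new AES keys effectively resets the password safe and the encrypted storage, and that the effect on other data such as the one-time passwords is unclear. `Unknown` is presumably a generic error on the Nitrokey Storage, so a caller who hits it for an unrelated reason could follow this advice and lose stored secrets. I would add a sentence such as `/// Note that building a new AES key resets the password safe and the encrypted storage, so existing data on the device is lost.` right after the `build_aes_key` reference. The documented item begins above the hunk, so its signature is not visible here.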