Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add reset_pin_key #17

Merged
merged 5 commits into from
Apr 5, 2023
Merged

Add reset_pin_key #17

merged 5 commits into from
Apr 5, 2023

Conversation

sosthene-nitrokey
Copy link
Contributor

This syscall allows resetting a pin. Unlike set_pin, it takes a key as parameter. This key will be returned by future calls to get_pin_key. Unlike change_pin this doesn't require knowledge of the current value of the PIN.

The goal is to allow resetting a PIN from another source. For example, OpenPGP smartcards need to be able to reset the user pin given an admin pin With this patch, this can be done by using the admin key to wrap the user key.

@sosthene-nitrokey
Add reset_pin_key
4e0bd1d 
This syscall allows resetting a pin. Unlike `set_pin`, it takes a key as parameter.
This key will be returned by future calls to `get_pin_key`.
Unlike `change_pin` this doesn't require knowledge of the current value of the PIN.

The goal is to allow resetting a PIN from another source. For example,
OpenPGP smartcards need to be able to reset the user pin given an admin pin
With this patch, this can be done by using the admin key to wrap the user key.
@sosthene-nitrokey sosthene-nitrokey marked this pull request as ready for review March 24, 2023 10:05
@sosthene-nitrokey sosthene-nitrokey mentioned this pull request Mar 24, 2023
Closed
@sosthene-nitrokey sosthene-nitrokey requested review from robin-nitrokey and daringer and removed request for robin-nitrokey March 24, 2023 10:06
robin-nitrokey
robin-nitrokey reviewed Mar 27, 2023
View reviewed changes
Copy link
Member

@robin-nitrokey robin-nitrokey left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don’t see how this helps us with OpenPGP. To obtain the key ID required for the ResetPinKey syscall, we have to call GetPinKey which requires us to know the PIN. I’ve probably missed something?

Ah, now I remember that we talked about wrapping the user key in advance.

src/extension/request.rs Outdated Show resolved Hide resolved
src/extension.rs Outdated Show resolved Hide resolved
src/extension.rs Outdated Show resolved Hide resolved
robin-nitrokey
robin-nitrokey reviewed Mar 28, 2023
View reviewed changes
src/extension.rs Outdated Show resolved Hide resolved
robin-nitrokey
robin-nitrokey approved these changes Mar 28, 2023
View reviewed changes
Copy link
Member

@robin-nitrokey robin-nitrokey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, looks good!

src/extension.rs Outdated Show resolved Hide resolved
@sosthene-nitrokey sosthene-nitrokey merged commit 3786e3c into main Apr 5, 2023
@sosthene-nitrokey sosthene-nitrokey deleted the set-key branch April 5, 2023 08:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robin-nitrokey robin-nitrokey robin-nitrokey approved these changes

@daringer daringer Awaiting requested review from daringer

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sosthene-nitrokey @robin-nitrokey