From 9e0161b4ee8fea7d4b7a318935421b858189c676 Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Fri, 26 Jan 2024 20:04:44 +0100 Subject: [PATCH] Use tkinter for PIN entry --- marginaltool | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/marginaltool b/marginaltool index 27730d3..4d27465 100755 --- a/marginaltool +++ b/marginaltool @@ -9,7 +9,6 @@ import pathlib import subprocess import sys import urllib.parse -import getpass # use requests instead of urllib.request for keep-alive connection import requests @@ -35,13 +34,18 @@ def init(args): if not args.keyfile or not args.certfile: raise Exception('key or certificate file not specified') args.cert = ''.join(line.strip() for line in open(args.certfile) if not line.startswith('-----')) + case 'pkcs11': if not args.id: args.id = config.get(args.url, 'id', fallback=None) if not args.id: raise Exception('key ID not specified') args.cert = base64.b64encode(subprocess.run(['pkcs11-tool', '--read-object', '--type', 'cert', '--id', args.id], capture_output=True).stdout).decode() - args.pin = getpass.getpass('PIN: ') + + # read the PIN once to avoid prompting for each document + import tkinter.simpledialog # only needed for PIN entry + args.pin = tkinter.simpledialog.askstring('marginaltool', 'PIN', show="*") + case '_': raise Exception(f'invalid engine {args.engine}') @@ -53,6 +57,7 @@ def sign(b64data, args): cmd = ['openssl', 'pkeyutl', '-sign', '-inkey', args.keyfile, '-pkeyopt', 'digest:sha256'] env = None data = base64.b64decode(b64data) + case 'pkcs11': if not args.id: raise Exception('key ID not specified') @@ -67,6 +72,7 @@ def sign(b64data, args): cmd = ['pkcs11-tool', '--id', args.id, '-s', '-m', 'RSA-PKCS', '-p', 'env:PIN'] env = {'PIN': args.pin} data = bytes.fromhex(digest_info['SHA-256']) + base64.b64decode(b64data) + case '_': raise Exception(f'invalid engine {args.engine}')
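Review bot: `askstring` returns `None` when the dialog is cancelled or closed, and the new `args.pin = ...` line in the `pkcs11` case of `init` stores that value unchecked. It is only used later in `sign`, where `env = {'PIN': args.pin}` is handed to `pkcs11-tool`, so a cancelled prompt would presumably surface there as an unrelated-looking error; I would stop right after the prompt with `if not args.pin: raise Exception('PIN not entered')`. With `getpass` removed there is no terminal path left, so on a host without a display or without tkinter the pkcs11 engine presumably cannot be used at all, and a comment saying a GUI session is now required would help. Separately, the unchanged `case '_':` arms in `init` and `sign` match only the literal string `'_'`, so an unknown engine is never rejected; `case _:` is the wildcard. `init` begins above this hunk.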