Currently initializing a card in VS-NfD mode with backup is pretty complicated.
- Generate a soft key
- Transfer each subkey to the card
- Set Admin PIN
- Set User PIN
- Set Reset Code
- Backup soft key
- Delete soft key
- Import public key of card
- Certify public key and send it to the AD
We should simplify this to a question of "Username, E-Mail, Backup storage folder, Certification key".
Alternatively to the Backup storage folder we could generate the keys on card.
Certification key could be something like: "checkbox certify key <certifying key selection>"
Then we should automatically generate the PINs and set them. As a result dialog we show the PINs, save the PINs to the Backup storage folder, and offer to "Print user Pins" which would create something like the trusted disk pinbrief. Which is just a PDF with the PIN / Reset code.