From 0ec9f9c567b85e3db503e3341ad2ea628b61afc4 Mon Sep 17 00:00:00 2001 From: ryan Date: Sun, 5 Nov 2023 16:26:19 -0600 Subject: [PATCH] keyfork-shard: cleanup eprintln --- keyfork-shard/src/openpgp.rs | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/keyfork-shard/src/openpgp.rs b/keyfork-shard/src/openpgp.rs index 3bd29c4..d3b1b5a 100644 --- a/keyfork-shard/src/openpgp.rs +++ b/keyfork-shard/src/openpgp.rs @@ -212,8 +212,10 @@ pub fn combine( let mut keyring = Keyring::new(certs)?; let mut manager = SmartcardManager::new()?; let content = if keyring.is_empty() { - let card_fp = manager.load_any_card()?; - eprintln!("key discovery is empty, using hardware smartcard: {card_fp}"); + // NOTE: Any card plugged in that can't decrypt, will raise issues. + // This should not be used on a system where OpenPGP cards are available that shouldn't be + // used, due to the nature of how wildcard decryption works. + manager.load_any_card()?; metadata.decrypt_with(&policy, &mut manager)? } else { metadata.decrypt_with(&policy, &mut keyring)? @@ -252,20 +254,10 @@ pub fn combine( pkesk.set_recipient(key.keyid()); } // we have a pkesk, decrypt via keyring - let result = message.decrypt_with(&policy, &mut keyring); - match result { - Ok(message) => { - decrypted_messages.insert(valid_cert.keyid(), message); - } - Err(e) => { - eprintln!( - "Could not decrypt with fingerprint {}: {}", - valid_cert.keyid(), - e - ); - // do nothing, key will be retained - } - } + decrypted_messages.insert( + valid_cert.keyid(), + message.decrypt_with(&policy, &mut keyring)?, + ); } } } @@ -275,7 +267,6 @@ pub fn combine( let left_from_threshold = threshold as usize - decrypted_messages.len(); if left_from_threshold > 0 { - eprintln!("remaining keys: {left_from_threshold}, prompting yubikeys"); let mut remaining_usable_certs = certs .iter() .filter(|cert| messages.contains_key(&cert.keyid()))