From 48e4d7096c843ef48292fd0c963440f064da7b28 Mon Sep 17 00:00:00 2001 From: ryan Date: Sun, 5 Nov 2023 16:34:45 -0600 Subject: [PATCH] keyfork-shard: remove recovery file --- .../src/bin/keyfork-shard-combine-openpgp.rs | 28 +++++++++---------- .../src/bin/keyfork-shard/openpgp/combine.md | 10 +++++-- keyfork/src/cli/shard.rs | 14 ++-------- 3 files changed, 25 insertions(+), 27 deletions(-) diff --git a/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs b/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs index 883a528..ddd39e1 100644 --- a/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs +++ b/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs @@ -1,4 +1,10 @@ -use std::{env, fs::File, io::stdout, path::PathBuf, process::ExitCode, str::FromStr}; +use std::{ + env, + io::{stdin, stdout}, + path::PathBuf, + process::ExitCode, + str::FromStr, +}; use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messages}; @@ -6,9 +12,8 @@ type Result> = std::result::Result; fn validate<'a>( threshold: &str, - recovery_file: &str, key_discovery: impl Into>, -) -> Result<(u8, Vec, PathBuf)> { +) -> Result<(u8, Vec)> { let threshold = u8::from_str(threshold)?; let key_discovery = key_discovery.into().map(PathBuf::from); key_discovery.as_ref().map(std::fs::metadata).transpose()?; 
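Review bot: `validate` still accepts a `threshold` of `0`, because `u8::from_str(threshold)?` on the context line of the second hunk only enforces the `u8` range. Unless `combine` rejects it later (not visible here), a zero threshold should fail during argument validation with a clear message, e.g. `if threshold == 0 { return Err("threshold must be at least 1".into()); }` right after the parse. This assumes the `Result` alias defaults to a boxed error type, which the garbled alias line suggests but does not show. The tail of `validate` is in the next hunk.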
@@ -19,25 +24,20 @@ fn validate<'a>( .transpose()? .unwrap_or(vec![]); - let recovery_file = PathBuf::from(recovery_file); - std::fs::metadata(&recovery_file)?; - - Ok((threshold, certs, recovery_file)) + Ok((threshold, certs)) } fn run() -> Result<()> { let mut args = env::args(); let program_name = args.next().expect("program name"); let args = args.collect::>(); - let (threshold, cert_list, recovery_file) = match args.as_slice() { - [threshold, recovery_file, key_discovery] => { - validate(threshold, recovery_file, key_discovery.as_str())? - } - [threshold, recovery_file] => validate(threshold, recovery_file, None)?, - _ => panic!("Usage: {program_name} threshold recovery_file [key_discovery]"), + let (threshold, cert_list) = match args.as_slice() { + [threshold, key_discovery] => validate(threshold, key_discovery.as_str())?, + [threshold] => validate(threshold, None)?, + _ => panic!("Usage: {program_name} threshold [key_discovery]"), }; - let mut encrypted_messages = parse_messages(File::open(recovery_file)?)?; + let mut encrypted_messages = parse_messages(stdin())?; let encrypted_metadata = encrypted_messages .pop_front() diff --git a/keyfork-user-guide/src/bin/keyfork-shard/openpgp/combine.md b/keyfork-user-guide/src/bin/keyfork-shard/openpgp/combine.md index b3c9220..2395413 100644 --- a/keyfork-user-guide/src/bin/keyfork-shard/openpgp/combine.md +++ b/keyfork-user-guide/src/bin/keyfork-shard/openpgp/combine.md 
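Review bot: The rewritten catch-all arm in `run()` still reports a wrong argument count through `panic!`, so an operator who mistypes the command gets a panic message instead of a plain usage line. Since `run()` already returns `Result`, the arm could be `_ => return Err(format!("Usage: {program_name} threshold [key_discovery]").into()),`, assuming the alias's error type is a boxed error. Separately, `parse_messages(stdin())` will now wait silently if the binary is started from a terminal with nothing piped in. A `std::io::IsTerminal` check on `stdin()` that prints a short hint to stderr before the read would make that case obvious during a recovery. The body of `run()` continues past the end of this hunk.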
@@ -8,14 +8,20 @@ Combine `threshold` shares into a previously [`split`] secret. * `threshold`: Minimum number of operators present to recover the secret, as previously configured when creating the secret -* `recovery_file`: File of OpenPGP Messages from [`split`]. * `key_discovery`: A directory containing OpenPGP keys. If the amount of keys found is less than `threshold`, an OpenPGP Card fallback will be used to decrypt the rest of the messages. +## Pinentry + +The terminal may be overridden if the default pinentry command is +`pinentry-curses`, but this will affect neither input nor output.` Pinentry is +used if an OpenPGP key file has an encrypted secret key or to prompt for the +PIN for an OpenPGP smart card. + ## Input -When required by OpenPGP cards, a prompt will be presented for PIN entry. +OpenPGP messages from [`split`]. ## Output diff --git a/keyfork/src/cli/shard.rs b/keyfork/src/cli/shard.rs index e1f4b8b..f052f58 100644 --- a/keyfork/src/cli/shard.rs +++ b/keyfork/src/cli/shard.rs @@ -1,7 +1,6 @@ use super::Keyfork; use clap::{builder::PossibleValue, Parser, Subcommand, ValueEnum}; use std::{ - fs::File, io::{stdin, stdout, BufRead, BufReader, Read, Write}, path::{Path, PathBuf}, }; @@ -136,9 +135,6 @@ pub enum ShardSubcommands { #[arg(long)] threshold: u8, - /// The path to load the encrypted shares from. - recovery_file: PathBuf, - /// The path to discover private keys from. key_discovery: Option, }, @@ -175,15 +171,11 @@ impl ShardSubcommands { } ShardSubcommands::Combine { threshold, - recovery_file, key_discovery, } => match &shard.format { - Some(Format::OpenPGP(o)) => o.combine( - *threshold, - key_discovery.as_ref(), - File::open(recovery_file)?, - &mut stdout, - ), + Some(Format::OpenPGP(o)) => { + o.combine(*threshold, key_discovery.as_ref(), stdin, &mut stdout) + } Some(Format::P256(_p)) => { todo!() }
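Review bot: After this change nothing in the `Combine` variant of `ShardSubcommands` tells the user where the encrypted shares come from. The removed `recovery_file` field carried the only doc comment that mentioned them, and clap builds `--help` from these comments. I would add a line to the variant's own doc comment, which sits above the hunk, such as `/// The encrypted shares are read from standard input.`. The `stdin` value passed to `o.combine(...)` is bound outside the visible lines, so it is worth confirming that no other code on this path reads from the same handle before the messages are parsed.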