From 48e4d7096c843ef48292fd0c963440f064da7b28 Mon Sep 17 00:00:00 2001
From: ryan <ryan@distrust.co>
Date: Sun, 5 Nov 2023 16:34:45 -0600
Subject: [PATCH] keyfork-shard: remove recovery file

---
 .../src/bin/keyfork-shard-combine-openpgp.rs  | 28 +++++++++----------
 .../src/bin/keyfork-shard/openpgp/combine.md  | 10 +++++--
 keyfork/src/cli/shard.rs                      | 14 ++--------
 3 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs b/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs
index 883a528..ddd39e1 100644
--- a/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs
+++ b/keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs
@@ -1,4 +1,10 @@
-use std::{env, fs::File, io::stdout, path::PathBuf, process::ExitCode, str::FromStr};
+use std::{
+    env,
+    io::{stdin, stdout},
+    path::PathBuf,
+    process::ExitCode,
+    str::FromStr,
+};
 
 use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messages};
 
@@ -6,9 +12,8 @@ type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
 
 fn validate<'a>(
     threshold: &str,
-    recovery_file: &str,
     key_discovery: impl Into<Option<&'a str>>,
-) -> Result<(u8, Vec<Cert>, PathBuf)> {
+) -> Result<(u8, Vec<Cert>)> {
     let threshold = u8::from_str(threshold)?;
     let key_discovery = key_discovery.into().map(PathBuf::from);
     key_discovery.as_ref().map(std::fs::metadata).transpose()?;
@@ -19,25 +24,20 @@ fn validate<'a>(
         .transpose()?
         .unwrap_or(vec![]);
 
-    let recovery_file = PathBuf::from(recovery_file);
-    std::fs::metadata(&recovery_file)?;
-
-    Ok((threshold, certs, recovery_file))
+    Ok((threshold, certs))
 }
 
 fn run() -> Result<()> {
     let mut args = env::args();
     let program_name = args.next().expect("program name");
     let args = args.collect::<Vec<_>>();
-    let (threshold, cert_list, recovery_file) = match args.as_slice() {
-        [threshold, recovery_file, key_discovery] => {
-            validate(threshold, recovery_file, key_discovery.as_str())?
-        }
-        [threshold, recovery_file] => validate(threshold, recovery_file, None)?,
-        _ => panic!("Usage: {program_name} threshold recovery_file [key_discovery]"),
+    let (threshold, cert_list) = match args.as_slice() {
+        [threshold, key_discovery] => validate(threshold, key_discovery.as_str())?,
+        [threshold] => validate(threshold, None)?,
+        _ => panic!("Usage: {program_name} threshold [key_discovery]"),
     };
 
-    let mut encrypted_messages = parse_messages(File::open(recovery_file)?)?;
+    let mut encrypted_messages = parse_messages(stdin())?;
 
     let encrypted_metadata = encrypted_messages
         .pop_front()
diff --git a/keyfork-user-guide/src/bin/keyfork-shard/openpgp/combine.md b/keyfork-user-guide/src/bin/keyfork-shard/openpgp/combine.md
index b3c9220..2395413 100644
--- a/keyfork-user-guide/src/bin/keyfork-shard/openpgp/combine.md
+++ b/keyfork-user-guide/src/bin/keyfork-shard/openpgp/combine.md
@@ -8,14 +8,20 @@ Combine `threshold` shares into a previously [`split`] secret.
 
 * `threshold`: Minimum number of operators present to recover the secret, as
   previously configured when creating the secret
-* `recovery_file`: File of OpenPGP Messages from [`split`].
 * `key_discovery`: A directory containing OpenPGP keys.
   If the amount of keys found is less than `threshold`, an OpenPGP Card
   fallback will be used to decrypt the rest of the messages.
 
+## Pinentry
+
+The terminal may be overridden if the default pinentry command is
+`pinentry-curses`, but this will affect neither input nor output.` Pinentry is
+used if an OpenPGP key file has an encrypted secret key or to prompt for the
+PIN for an OpenPGP smart card.
+
 ## Input
 
-When required by OpenPGP cards, a prompt will be presented for PIN entry.
+OpenPGP messages from [`split`].
 
 ## Output
 
diff --git a/keyfork/src/cli/shard.rs b/keyfork/src/cli/shard.rs
index e1f4b8b..f052f58 100644
--- a/keyfork/src/cli/shard.rs
+++ b/keyfork/src/cli/shard.rs
@@ -1,7 +1,6 @@
 use super::Keyfork;
 use clap::{builder::PossibleValue, Parser, Subcommand, ValueEnum};
 use std::{
-    fs::File,
     io::{stdin, stdout, BufRead, BufReader, Read, Write},
     path::{Path, PathBuf},
 };
@@ -136,9 +135,6 @@ pub enum ShardSubcommands {
         #[arg(long)]
         threshold: u8,
 
-        /// The path to load the encrypted shares from.
-        recovery_file: PathBuf,
-
         /// The path to discover private keys from.
         key_discovery: Option<PathBuf>,
     },
@@ -175,15 +171,11 @@ impl ShardSubcommands {
             }
             ShardSubcommands::Combine {
                 threshold,
-                recovery_file,
                 key_discovery,
             } => match &shard.format {
-                Some(Format::OpenPGP(o)) => o.combine(
-                    *threshold,
-                    key_discovery.as_ref(),
-                    File::open(recovery_file)?,
-                    &mut stdout,
-                ),
+                Some(Format::OpenPGP(o)) => {
+                    o.combine(*threshold, key_discovery.as_ref(), stdin, &mut stdout)
+                }
                 Some(Format::P256(_p)) => {
                     todo!()
                 }