keyfork-shard: remove recovery file

Ryan Heywood 2023-11-05 16:34:45 -06:00
parent 0ec9f9c567
commit 48e4d7096c
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
3 changed files with 25 additions and 27 deletions


@ -1,4 +1,10 @@
use std::{env, fs::File, io::stdout, path::PathBuf, process::ExitCode, str::FromStr}; use std::{
env,
io::{stdin, stdout},
path::PathBuf,
process::ExitCode,
str::FromStr,
};
use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messages}; use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messages};
@ -6,9 +12,8 @@ type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
fn validate<'a>( fn validate<'a>(
threshold: &str, threshold: &str,
recovery_file: &str,
key_discovery: impl Into<Option<&'a str>>, key_discovery: impl Into<Option<&'a str>>,
) -> Result<(u8, Vec<Cert>, PathBuf)> { ) -> Result<(u8, Vec<Cert>)> {
let threshold = u8::from_str(threshold)?; let threshold = u8::from_str(threshold)?;
let key_discovery = key_discovery.into().map(PathBuf::from); let key_discovery = key_discovery.into().map(PathBuf::from);
key_discovery.as_ref().map(std::fs::metadata).transpose()?; key_discovery.as_ref().map(std::fs::metadata).transpose()?;
@ -19,25 +24,20 @@ fn validate<'a>(
.transpose()? .transpose()?
.unwrap_or(vec![]); .unwrap_or(vec![]);
let recovery_file = PathBuf::from(recovery_file); Ok((threshold, certs))
std::fs::metadata(&recovery_file)?;
Ok((threshold, certs, recovery_file))
} }
fn run() -> Result<()> { fn run() -> Result<()> {
let mut args = env::args(); let mut args = env::args();
let program_name = args.next().expect("program name"); let program_name = args.next().expect("program name");
let args = args.collect::<Vec<_>>(); let args = args.collect::<Vec<_>>();
let (threshold, cert_list, recovery_file) = match args.as_slice() { let (threshold, cert_list) = match args.as_slice() {
[threshold, recovery_file, key_discovery] => { [threshold, key_discovery] => validate(threshold, key_discovery.as_str())?,
validate(threshold, recovery_file, key_discovery.as_str())? [threshold] => validate(threshold, None)?,
} _ => panic!("Usage: {program_name} threshold [key_discovery]"),
[threshold, recovery_file] => validate(threshold, recovery_file, None)?,
_ => panic!("Usage: {program_name} threshold recovery_file [key_discovery]"),
}; };
let mut encrypted_messages = parse_messages(File::open(recovery_file)?)?; let mut encrypted_messages = parse_messages(stdin())?;
let encrypted_metadata = encrypted_messages let encrypted_metadata = encrypted_messages
.pop_front() .pop_front()
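Review bot: `validate` only proves that `key_discovery` exists, because the `std::fs::metadata` result is discarded, so a command line written for the old `threshold recovery_file` order still parses, with the shares file now taken as `key_discovery`, and the program then waits on stdin rather than reporting the mistake. The documentation in this commit describes `key_discovery` as a directory, so the check could require that: `if !std::fs::metadata(path)?.is_dir() { return Err("key_discovery must be a directory".into()); }`. What `discover_certs` does with a regular file is not visible here, so how an old-style invocation fails today is an inference. The same positional shift applies to `ShardSubcommands::Combine`, where `key_discovery` is now the first positional argument. `validate` and `run` both continue outside the hunks shown.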


@ -8,14 +8,20 @@ Combine `threshold` shares into a previously [`split`] secret.
* `threshold`: Minimum number of operators present to recover the secret, as * `threshold`: Minimum number of operators present to recover the secret, as
previously configured when creating the secret previously configured when creating the secret
* `recovery_file`: File of OpenPGP Messages from [`split`].
* `key_discovery`: A directory containing OpenPGP keys. * `key_discovery`: A directory containing OpenPGP keys.
If the amount of keys found is less than `threshold`, an OpenPGP Card If the amount of keys found is less than `threshold`, an OpenPGP Card
fallback will be used to decrypt the rest of the messages. fallback will be used to decrypt the rest of the messages.
## Pinentry
The terminal may be overridden if the default pinentry command is
`pinentry-curses`, but this will affect neither input nor output.` Pinentry is
used if an OpenPGP key file has an encrypted secret key or to prompt for the
PIN for an OpenPGP smart card.
## Input ## Input
When required by OpenPGP cards, a prompt will be presented for PIN entry. OpenPGP messages from [`split`].
## Output ## Output


@ -1,7 +1,6 @@
use super::Keyfork; use super::Keyfork;
use clap::{builder::PossibleValue, Parser, Subcommand, ValueEnum}; use clap::{builder::PossibleValue, Parser, Subcommand, ValueEnum};
use std::{ use std::{
fs::File,
io::{stdin, stdout, BufRead, BufReader, Read, Write}, io::{stdin, stdout, BufRead, BufReader, Read, Write},
path::{Path, PathBuf}, path::{Path, PathBuf},
}; };
@ -136,9 +135,6 @@ pub enum ShardSubcommands {
#[arg(long)] #[arg(long)]
threshold: u8, threshold: u8,
/// The path to load the encrypted shares from.
recovery_file: PathBuf,
/// The path to discover private keys from. /// The path to discover private keys from.
key_discovery: Option<PathBuf>, key_discovery: Option<PathBuf>,
}, },
@ -175,15 +171,11 @@ impl ShardSubcommands {
} }
ShardSubcommands::Combine { ShardSubcommands::Combine {
threshold, threshold,
recovery_file,
key_discovery, key_discovery,
} => match &shard.format { } => match &shard.format {
Some(Format::OpenPGP(o)) => o.combine( Some(Format::OpenPGP(o)) => {
*threshold, o.combine(*threshold, key_discovery.as_ref(), stdin, &mut stdout)
key_discovery.as_ref(), }
File::open(recovery_file)?,
&mut stdout,
),
Some(Format::P256(_p)) => { Some(Format::P256(_p)) => {
todo!() todo!()
} }
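Review bot: With the `recovery_file` field and its doc comment removed, nothing in the visible part of `Combine` tells a `--help` reader that the encrypted shares are now read from standard input. A line on the variant's doc comment such as `/// Encrypted shares are read from standard input.` would cover it; that doc comment lies outside the hunk, so it may already say this. The `key_discovery` comment could also state that it is a directory, as the usage documentation in this commit does: `/// The directory to discover private keys from.`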