keyfork-shard: remove recovery file
This commit is contained in:
parent
0ec9f9c567
commit
48e4d7096c
|
@ -1,4 +1,10 @@
|
|||
use std::{env, fs::File, io::stdout, path::PathBuf, process::ExitCode, str::FromStr};
|
||||
use std::{
|
||||
env,
|
||||
io::{stdin, stdout},
|
||||
path::PathBuf,
|
||||
process::ExitCode,
|
||||
str::FromStr,
|
||||
};
|
||||
|
||||
use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messages};
|
||||
|
||||
|
@ -6,9 +12,8 @@ type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
|
|||
|
||||
fn validate<'a>(
|
||||
threshold: &str,
|
||||
recovery_file: &str,
|
||||
key_discovery: impl Into<Option<&'a str>>,
|
||||
) -> Result<(u8, Vec<Cert>, PathBuf)> {
|
||||
) -> Result<(u8, Vec<Cert>)> {
|
||||
let threshold = u8::from_str(threshold)?;
|
||||
let key_discovery = key_discovery.into().map(PathBuf::from);
|
||||
key_discovery.as_ref().map(std::fs::metadata).transpose()?;
|
||||
|
@ -19,25 +24,20 @@ fn validate<'a>(
|
|||
.transpose()?
|
||||
.unwrap_or(vec![]);
|
||||
|
||||
let recovery_file = PathBuf::from(recovery_file);
|
||||
std::fs::metadata(&recovery_file)?;
|
||||
|
||||
Ok((threshold, certs, recovery_file))
|
||||
Ok((threshold, certs))
|
||||
}
|
||||
|
||||
fn run() -> Result<()> {
|
||||
let mut args = env::args();
|
||||
let program_name = args.next().expect("program name");
|
||||
let args = args.collect::<Vec<_>>();
|
||||
let (threshold, cert_list, recovery_file) = match args.as_slice() {
|
||||
[threshold, recovery_file, key_discovery] => {
|
||||
validate(threshold, recovery_file, key_discovery.as_str())?
|
||||
}
|
||||
[threshold, recovery_file] => validate(threshold, recovery_file, None)?,
|
||||
_ => panic!("Usage: {program_name} threshold recovery_file [key_discovery]"),
|
||||
let (threshold, cert_list) = match args.as_slice() {
|
||||
[threshold, key_discovery] => validate(threshold, key_discovery.as_str())?,
|
||||
[threshold] => validate(threshold, None)?,
|
||||
_ => panic!("Usage: {program_name} threshold [key_discovery]"),
|
||||
};
|
||||
|
||||
let mut encrypted_messages = parse_messages(File::open(recovery_file)?)?;
|
||||
let mut encrypted_messages = parse_messages(stdin())?;
|
||||
|
||||
let encrypted_metadata = encrypted_messages
|
||||
.pop_front()
|
||||
|
|
|
@ -8,14 +8,20 @@ Combine `threshold` shares into a previously [`split`] secret.
|
|||
|
||||
* `threshold`: Minimum number of operators present to recover the secret, as
|
||||
previously configured when creating the secret
|
||||
* `recovery_file`: File of OpenPGP Messages from [`split`].
|
||||
* `key_discovery`: A directory containing OpenPGP keys.
|
||||
If the amount of keys found is less than `threshold`, an OpenPGP Card
|
||||
fallback will be used to decrypt the rest of the messages.
|
||||
|
||||
## Pinentry
|
||||
|
||||
The terminal may be overridden if the default pinentry command is
|
||||
`pinentry-curses`, but this will affect neither input nor output.` Pinentry is
|
||||
used if an OpenPGP key file has an encrypted secret key or to prompt for the
|
||||
PIN for an OpenPGP smart card.
|
||||
|
||||
## Input
|
||||
|
||||
When required by OpenPGP cards, a prompt will be presented for PIN entry.
|
||||
OpenPGP messages from [`split`].
|
||||
|
||||
## Output
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
use super::Keyfork;
|
||||
use clap::{builder::PossibleValue, Parser, Subcommand, ValueEnum};
|
||||
use std::{
|
||||
fs::File,
|
||||
io::{stdin, stdout, BufRead, BufReader, Read, Write},
|
||||
path::{Path, PathBuf},
|
||||
};
|
||||
|
@ -136,9 +135,6 @@ pub enum ShardSubcommands {
|
|||
#[arg(long)]
|
||||
threshold: u8,
|
||||
|
||||
/// The path to load the encrypted shares from.
|
||||
recovery_file: PathBuf,
|
||||
|
||||
/// The path to discover private keys from.
|
||||
key_discovery: Option<PathBuf>,
|
||||
},
|
||||
|
@ -175,15 +171,11 @@ impl ShardSubcommands {
|
|||
}
|
||||
ShardSubcommands::Combine {
|
||||
threshold,
|
||||
recovery_file,
|
||||
key_discovery,
|
||||
} => match &shard.format {
|
||||
Some(Format::OpenPGP(o)) => o.combine(
|
||||
*threshold,
|
||||
key_discovery.as_ref(),
|
||||
File::open(recovery_file)?,
|
||||
&mut stdout,
|
||||
),
|
||||
Some(Format::OpenPGP(o)) => {
|
||||
o.combine(*threshold, key_discovery.as_ref(), stdin, &mut stdout)
|
||||
}
|
||||
Some(Format::P256(_p)) => {
|
||||
todo!()
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue