public
/
keyfork
5
0
Fork 0
Code Issues 16 Pull Requests 1 Packages Projects Releases Wiki Activity

keyfork-shard: remove recovery file

This commit is contained in:
Ryan Heywood 2023-11-05 16:34:45 -06:00
parent 0ec9f9c567
commit 48e4d7096c
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
3 changed files with 25 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
keyfork-shard/src/bin/keyfork-shard-combine-openpgp.rs
View File

@ -1,4 +1,10 @@
use std::{env, fs::File, io::stdout, path::PathBuf, process::ExitCode, str::FromStr};
use std::{
env,
io::{stdin, stdout},
path::PathBuf,
process::ExitCode,
str::FromStr,
};
use keyfork_shard::openpgp::{combine, discover_certs, openpgp::Cert, parse_messages};
@ -6,9 +12,8 @@ type Result<T, E = Box<dyn std::error::Error>> = std::result::Result<T, E>;
fn validate<'a>(
threshold: &str,
recovery_file: &str,
key_discovery: impl Into<Option<&'a str>>,
) -> Result<(u8, Vec<Cert>, PathBuf)> {
) -> Result<(u8, Vec<Cert>)> {
let threshold = u8::from_str(threshold)?;
let key_discovery = key_discovery.into().map(PathBuf::from);
key_discovery.as_ref().map(std::fs::metadata).transpose()?;
@ -19,25 +24,20 @@ fn validate<'a>(
.transpose()?
.unwrap_or(vec![]);
let recovery_file = PathBuf::from(recovery_file);
std::fs::metadata(&recovery_file)?;
Ok((threshold, certs, recovery_file))
Ok((threshold, certs))
}
fn run() -> Result<()> {
let mut args = env::args();
let program_name = args.next().expect("program name");
let args = args.collect::<Vec<_>>();
let (threshold, cert_list, recovery_file) = match args.as_slice() {
[threshold, recovery_file, key_discovery] => {
validate(threshold, recovery_file, key_discovery.as_str())?
}
[threshold, recovery_file] => validate(threshold, recovery_file, None)?,
_ => panic!("Usage: {program_name} threshold recovery_file [key_discovery]"),
let (threshold, cert_list) = match args.as_slice() {
[threshold, key_discovery] => validate(threshold, key_discovery.as_str())?,
[threshold] => validate(threshold, None)?,
_ => panic!("Usage: {program_name} threshold [key_discovery]"),
};
let mut encrypted_messages = parse_messages(File::open(recovery_file)?)?;
let mut encrypted_messages = parse_messages(stdin())?;
let encrypted_metadata = encrypted_messages
.pop_front()

10
keyfork-user-guide/src/bin/keyfork-shard/openpgp/combine.md
View File

@ -8,14 +8,20 @@ Combine `threshold` shares into a previously [`split`] secret.
* `threshold`: Minimum number of operators present to recover the secret, as
previously configured when creating the secret
* `recovery_file`: File of OpenPGP Messages from [`split`].
* `key_discovery`: A directory containing OpenPGP keys.
If the amount of keys found is less than `threshold`, an OpenPGP Card
fallback will be used to decrypt the rest of the messages.
## Pinentry
The terminal may be overridden if the default pinentry command is
`pinentry-curses`, but this will affect neither input nor output.` Pinentry is
used if an OpenPGP key file has an encrypted secret key or to prompt for the
PIN for an OpenPGP smart card.
## Input
When required by OpenPGP cards, a prompt will be presented for PIN entry.
OpenPGP messages from [`split`].
## Output

14
keyfork/src/cli/shard.rs
View File

@ -1,7 +1,6 @@
use super::Keyfork;
use clap::{builder::PossibleValue, Parser, Subcommand, ValueEnum};
use std::{
fs::File,
io::{stdin, stdout, BufRead, BufReader, Read, Write},
path::{Path, PathBuf},
};
@ -136,9 +135,6 @@ pub enum ShardSubcommands {
#[arg(long)]
threshold: u8,
/// The path to load the encrypted shares from.
recovery_file: PathBuf,
/// The path to discover private keys from.
key_discovery: Option<PathBuf>,
},
@ -175,15 +171,11 @@ impl ShardSubcommands {
}
ShardSubcommands::Combine {
threshold,
recovery_file,
key_discovery,
} => match &shard.format {
Some(Format::OpenPGP(o)) => o.combine(
*threshold,
key_discovery.as_ref(),
File::open(recovery_file)?,
&mut stdout,
),
Some(Format::OpenPGP(o)) => {
o.combine(*threshold, key_discovery.as_ref(), stdin, &mut stdout)
}
Some(Format::P256(_p)) => {
todo!()
}