From fa84a2ae5fa28fa4648863a74ea7d3406e58d8a9 Mon Sep 17 00:00:00 2001
From: ryan
Date: Thu, 8 Aug 2024 00:35:41 -0400
Subject: [PATCH 1/3] keyfork-shard: Be less strict about keys
Rationale: Keyfork Shard runs on Airgap systems. The biggest impact of using StandardPolicy and checking whether keys are "alive" is the drift between different Airgap systems where the keys may not be valid at the same time. Because of this, it is impossible to shard a secret to all keys at once using a StandardPolicy. However, we consider these keys to be a trusted input, whether created by a previous system or generated directly by Keyfork. Because of this, we can use a NullPolicy to blanketly permit all keys, the same way we blanketly permit all keys when reconstituting the sharded secret, and disable the check for whether keys are alive (though, we are still denying revoked keys).
---
 crates/keyfork-shard/src/openpgp.rs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/crates/keyfork-shard/src/openpgp.rs b/crates/keyfork-shard/src/openpgp.rs
index be4ec47..11f759a 100644
--- a/crates/keyfork-shard/src/openpgp.rs
+++ b/crates/keyfork-shard/src/openpgp.rs
@@ -25,7 +25,7 @@ use openpgp::{
 stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper},
 Parse,
 },
- policy::{NullPolicy, Policy, StandardPolicy},
+ policy::{NullPolicy, Policy},
 serialize::{
 stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer},
 Marshal,
@@ -276,7 +276,7 @@ impl Format for OpenPGP

{
 key_data: &[Self::PublicKey],
 threshold: u8,
 ) -> Result {
- let policy = StandardPolicy::new();
+ let policy = NullPolicy::new();
 let mut pp = vec![SHARD_METADATA_VERSION, threshold];
 // Note: Sequoia does not export private keys on a Cert, only on a TSK signing_key
@@ -362,7 +362,7 @@ impl Format for OpenPGP
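Review bot: `let policy = NullPolicy::new();` on the `+` line relaxes far more than the key-liveness drift the commit message describes, and the identical change at `@@ -362` shares the point. As far as I recall, Sequoia's NullPolicy documents itself as giving no consideration to the sanity of OpenPGP parameters, so deprecated hash and cipher algorithms on binding signatures are now accepted here as well, whereas liveness was already handled separately by dropping `.alive()` in `get_encryption_keys` (`@@ -577`). If the remaining failure is clock skew around the reference time, keeping StandardPolicy and passing an explicit time rather than `None` to `with_policy` (visible in the `@@ -362` hunk) would be a narrower fix. If NullPolicy is the intended trade-off, record it at the call site, e.g. `// NullPolicy: shard recipients are trusted Keyfork-generated keys; algorithm sanity is deliberately not enforced here, revocation is still filtered in get_encryption_keys.` The enclosing function starts and ends outside the hunk.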

{
 public_key: &Cert,
 signing_key: &mut Self::SigningKey,
 ) -> Result {
- let policy = StandardPolicy::new();
+ let policy = NullPolicy::new();
 let valid_cert = public_key
 .with_policy(&policy, None)
 .map_err(Error::Sequoia)?;
@@ -577,7 +577,8 @@ fn get_encryption_keys<'a>(
 openpgp::packet::key::UnspecifiedRole,
 > {
 cert.keys()
- .alive()
+ // NOTE: this causes complications on Airgap systems
+ // .alive()
 .revoked(false)
 .supported()
 .for_storage_encryption()
From dd4354ffc161819654a042a7d07f2cca1933c945 Mon Sep 17 00:00:00 2001
From: ryan
Date: Thu, 8 Aug 2024 00:53:15 -0400
Subject: [PATCH 2/3] keyfork: bump keyfork-shard
---
 crates/keyfork/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crates/keyfork/Cargo.toml b/crates/keyfork/Cargo.toml
index 6d40fa5..ff6d3eb 100644
--- a/crates/keyfork/Cargo.toml
+++ b/crates/keyfork/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "keyfork"
-version = "0.2.2"
+version = "0.2.3"
 edition = "2021"
 license = "AGPL-3.0-only"
From ba64db8f009c873cb32beb4cff6ca3cd863c23c8 Mon Sep 17 00:00:00 2001
From: ryan
Date: Thu, 8 Aug 2024 00:56:40 -0400
Subject: [PATCH 3/3] update Cargo.toml and Cargo.lock
---
 Cargo.lock | 4 ++--
 crates/keyfork-shard/Cargo.toml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index cec7c5b..ad1c47e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1674,7 +1674,7 @@ dependencies = [
 [[package]]
 name = "keyfork"
-version = "0.2.2"
+version = "0.2.3"
 dependencies = [
 "card-backend-pcsc",
 "clap",
@@ -1835,7 +1835,7 @@ dependencies = [
 [[package]]
 name = "keyfork-shard"
-version = "0.2.1"
+version = "0.2.2"
 dependencies = [
 "aes-gcm",
 "anyhow",
diff --git a/crates/keyfork-shard/Cargo.toml b/crates/keyfork-shard/Cargo.toml
index 19495bb..18d2953 100644
--- a/crates/keyfork-shard/Cargo.toml
+++ b/crates/keyfork-shard/Cargo.toml
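Review bot: The added `// .alive()` line in `get_encryption_keys` leaves commented-out code behind a `NOTE` that names a complication without saying what it is; dead code should go and the comment should carry the reason, e.g. `// Liveness is intentionally not checked: key validity windows drift across Airgap systems and recipients are trusted Keyfork inputs; revoked keys are still rejected by .revoked(false) below.` With `.alive()` gone, expired keys (and, if I recall Sequoia's semantics correctly, keys whose creation time lies after the reference time) become eligible storage-encryption recipients, which is the stated intent but worth making explicit for the next reader. The function signature and the rest of the iterator chain continue outside the hunk.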
@@ -1,6 +1,6 @@
 [package]
 name = "keyfork-shard"
-version = "0.2.1"
+version = "0.2.2"
 edition = "2021"
 license = "AGPL-3.0-only"