From 8eb7676b44dec7a56e9b690b0606635a86b61280 Mon Sep 17 00:00:00 2001
From: ryan
Date: Tue, 10 Jun 2025 15:42:48 -0400
Subject: [PATCH] keyfork shard remote-combine: impl
---
 crates/keyfork/src/cli/shard.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/crates/keyfork/src/cli/shard.rs b/crates/keyfork/src/cli/shard.rs
index 51948b4..0869003 100644
--- a/crates/keyfork/src/cli/shard.rs
+++ b/crates/keyfork/src/cli/shard.rs
@@ -176,6 +176,13 @@ pub enum ShardSubcommands {
 key_discovery: Option,
 },
 
+ /// Combine multiple transport-encrypted shares into a hex-encoded secret, printed to stdout.
+ ///
+ /// This command is format-agnostic and relies on transport encryption of remote-decrypted
+ /// shards to determine the threshold to reconstitute the secret. Operators decrypting shards
+ /// should run `keyfork shard transport`.
+ RemoteCombine,
+
 /// Decrypt metadata for a shardfile, including the threshold and the public keys. Public keys
 /// are serialized to a file.
 Metadata {
@@ -257,6 +264,12 @@ impl ShardSubcommands {
 None => panic!("{COULD_NOT_DETERMINE_FORMAT}"),
 }
 }
+ ShardSubcommands::RemoteCombine => {
+ let mut output = vec![];
+ keyfork_shard::remote_decrypt(&mut output)?;
+ println!("{}", smex::encode(output));
+ Ok(())
+ }
 ShardSubcommands::Metadata {
 shardfile,
 output_pubkeys,
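Review bot: The reconstituted secret in the new `ShardSubcommands::RemoteCombine` arm lives only in ordinary heap buffers: `output` is passed by value to `smex::encode`, and the hex `String` it returns is dropped after `println!` without being wiped, so copies of the secret can remain in freed memory. If the crate already has a zeroizing wrapper available, both buffers should be held in it; otherwise bind the hex string to a local and overwrite it and the byte buffer before returning. Separately, `println!` panics when stdout cannot be written (for example a closed pipe), which happens only after the shares have been combined; `writeln!(std::io::stdout().lock(), "{}", smex::encode(output))?;` would report that as an error instead, assuming `std::io::Write` is in scope and the function's error type accepts `std::io::Error`. The enclosing `match` and function signature start outside the hunk, so the return type should be confirmed there.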