keyfork shard remote-combine: impl

Ryan Heywood 2025-06-10 15:42:48 -04:00
parent fa47bc28a8
commit 8eb7676b44
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 13 additions and 0 deletions


@ -176,6 +176,13 @@ pub enum ShardSubcommands {
key_discovery: Option<PathBuf>, key_discovery: Option<PathBuf>,
}, },
/// Combine multiple transport-encrypted shares into a hex-encoded secret, printed to stdout.
///
/// This command is format-agnostic and relies on transport encryption of remote-decrypted
/// shards to determine the threshold to reconstitute the secret. Operators decrypting shards
/// should run `keyfork shard transport`.
RemoteCombine,
/// Decrypt metadata for a shardfile, including the threshold and the public keys. Public keys /// Decrypt metadata for a shardfile, including the threshold and the public keys. Public keys
/// are serialized to a file. /// are serialized to a file.
Metadata { Metadata {
@ -257,6 +264,12 @@ impl ShardSubcommands {
None => panic!("{COULD_NOT_DETERMINE_FORMAT}"), None => panic!("{COULD_NOT_DETERMINE_FORMAT}"),
} }
} }
ShardSubcommands::RemoteCombine => {
let mut output = vec![];
keyfork_shard::remote_decrypt(&mut output)?;
println!("{}", smex::encode(output));
Ok(())
}
ShardSubcommands::Metadata { ShardSubcommands::Metadata {
shardfile, shardfile,
output_pubkeys, output_pubkeys,
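Review bot: The `ShardSubcommands::RemoteCombine` arm writes the reconstituted secret with `println!`, which panics if stdout cannot be written (for example a closed pipe) instead of returning an error the way the `remote_decrypt` call just above it does with `?`. Since the arm already returns a `Result`, `writeln!(std::io::stdout(), "{}", smex::encode(output))?;` would surface the failure to the caller, assuming the function's error type accepts `std::io::Error` and `std::io::Write` is in scope. The secret also sits in `output` and in the hex `String` until they are dropped, and neither is cleared; if the crate already has a zeroizing buffer type available, it is worth using here. The doc comment on the `RemoteCombine` variant could add one line stating that the printed value is the raw secret and should be piped or redirected rather than left in terminal scrollback. The enclosing `match` and function begin and end outside the hunk.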