keyfork-shard: Be less strict about keys
Rationale: Keyfork Shard runs on Airgap systems. The biggest impact of using StandardPolicy and checking whether keys are "alive" is the drift between different Airgap systems where the keys may not be valid at the same time. Because of this, it is impossible to shard a secret to all keys at once using a StandardPolicy. However, we consider these keys to be a trusted input, whether created by a previous system or generated directly by Keyfork. Because of this, we can use a NullPolicy to blanketly permit all keys, the same way we blanketly permit all keys when reconstituting the sharded secret, and disable the check for whether keys are alive (though, we are still denying revoked keys).
This commit is contained in:
parent
bac762f5be
commit
fa84a2ae5f
|
@ -25,7 +25,7 @@ use openpgp::{
|
||||||
stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper},
|
stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper},
|
||||||
Parse,
|
Parse,
|
||||||
},
|
},
|
||||||
policy::{NullPolicy, Policy, StandardPolicy},
|
policy::{NullPolicy, Policy},
|
||||||
serialize::{
|
serialize::{
|
||||||
stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer},
|
stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer},
|
||||||
Marshal,
|
Marshal,
|
||||||
|
@ -276,7 +276,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
|
||||||
key_data: &[Self::PublicKey],
|
key_data: &[Self::PublicKey],
|
||||||
threshold: u8,
|
threshold: u8,
|
||||||
) -> Result<Self::EncryptedData, Self::Error> {
|
) -> Result<Self::EncryptedData, Self::Error> {
|
||||||
let policy = StandardPolicy::new();
|
let policy = NullPolicy::new();
|
||||||
let mut pp = vec![SHARD_METADATA_VERSION, threshold];
|
let mut pp = vec![SHARD_METADATA_VERSION, threshold];
|
||||||
// Note: Sequoia does not export private keys on a Cert, only on a TSK
|
// Note: Sequoia does not export private keys on a Cert, only on a TSK
|
||||||
signing_key
|
signing_key
|
||||||
|
@ -362,7 +362,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
|
||||||
public_key: &Cert,
|
public_key: &Cert,
|
||||||
signing_key: &mut Self::SigningKey,
|
signing_key: &mut Self::SigningKey,
|
||||||
) -> Result<EncryptedMessage> {
|
) -> Result<EncryptedMessage> {
|
||||||
let policy = StandardPolicy::new();
|
let policy = NullPolicy::new();
|
||||||
let valid_cert = public_key
|
let valid_cert = public_key
|
||||||
.with_policy(&policy, None)
|
.with_policy(&policy, None)
|
||||||
.map_err(Error::Sequoia)?;
|
.map_err(Error::Sequoia)?;
|
||||||
|
@ -577,7 +577,8 @@ fn get_encryption_keys<'a>(
|
||||||
openpgp::packet::key::UnspecifiedRole,
|
openpgp::packet::key::UnspecifiedRole,
|
||||||
> {
|
> {
|
||||||
cert.keys()
|
cert.keys()
|
||||||
.alive()
|
// NOTE: this causes complications on Airgap systems
|
||||||
|
// .alive()
|
||||||
.revoked(false)
|
.revoked(false)
|
||||||
.supported()
|
.supported()
|
||||||
.for_storage_encryption()
|
.for_storage_encryption()
|
||||||
|
|
Loading…
Reference in New Issue