public
/
keyfork
5
0
Fork 0
Code Issues 25 Pull Requests 2 Packages Projects Releases Wiki Activity
398 Commits 14 Branches 80 Tags 6.4 MiB
Commit Graph

154 Commits

Author SHA1 Message Date
Ryan Heywood fa84a2ae5f
keyfork-shard: Be less strict about keys 
Rationale: Keyfork Shard runs on Airgap systems. The biggest impact of
using StandardPolicy and checking whether keys are "alive" is the drift
between different Airgap systems where the keys may not be valid at the
same time. Because of this, it is impossible to shard a secret to all
keys at once using a StandardPolicy.

However, we consider these keys to be a trusted input, whether created
by a previous system or generated directly by Keyfork. Because of this,
we can use a NullPolicy to blanketly permit all keys, the same way we
blanketly permit all keys when reconstituting the sharded secret, and
disable the check for whether keys are alive (though, we are still
denying revoked keys).
 2024-08-08 00:48:33 -04:00
Ryan Heywood 35f57fcc41
Merge branch 'ryansquared/keyfork-mnemonic-refactors' 2024-08-05 18:00:10 -04:00
Ryan Heywood a2eb5fda11
bump dependencies with listed vulnerabilities (not affected) 2024-08-05 17:48:19 -04:00
Ryan Heywood 5219c5a99f
keyfork: enum-trait-ify choose-your-own commands 2024-08-05 17:43:22 -04:00
Ryan Heywood b26f296a75
keyfork-derive-path-data: move all pathcrafting here 2024-08-01 11:05:46 -04:00
Ryan Heywood 35ab5e65a4
keyfork-mnemonic-util => keyfork-mnemonic 2024-08-01 09:50:30 -04:00
Ryan Heywood 3ee81b6a82
keyfork-mnemonic-util: impl as_slice to_vec into_vec 2024-08-01 09:35:04 -04:00
Ryan Heywood f5627e5bd9
keyfork-mnemonic-util: impl try_from_slice and from_array 2024-08-01 09:29:03 -04:00
Ryan Heywood 02e5b545a4
keyfork-mnemonic-util::generate_seed: return const size array 2024-08-01 09:19:07 -04:00
Ryan Heywood 536e6da5ad
keyforkd{,-client}: lots of documentationings 2024-08-01 08:59:01 -04:00
Ryan Heywood bac762f5be
release keyfork v0.2.2 and keyfork-derive-openpgp 0.1.2 2024-08-01 01:37:18 -04:00
Ryan Heywood 8d40d2630c
keyfork: add `bottoms-up` wizard 2024-08-01 01:30:54 -04:00
Ryan Heywood 142bea3b9f
keyfork-shard: verify QR code length correctly 2024-05-29 16:16:55 -04:00
Ryan Heywood 491d19469a
crates: bump versions 2024-05-16 00:29:28 -04:00
Anton Livaja bcfcc8711f
keyforkd: add warning when loading seed with less than 128 bits 2024-05-05 14:27:10 -04:00
Ryan Heywood de4e98ae07
keyfork-derive-util: black-box checking all zeroes 2024-05-03 23:28:45 -04:00
Ryan Heywood 48ccd7c68f
keyfork-derive-util: add note about potential side-channel when verifying keys 2024-05-03 23:20:53 -04:00
Ryan Heywood d04989ef30
keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct 2024-05-03 23:20:50 -04:00
Ryan Heywood 1a036a0b5f
keyfork-shard: clean up documentation for encrypted shard padding 2024-05-03 22:41:38 -04:00
Ryan Heywood e0687434ef
keyfork-shard: display error message on duplicate key fingerprints found 2024-04-24 13:29:32 -04:00
Ryan Heywood 23db50956f
keyfork-shard: improve wording for counting shardholders 2024-04-24 13:13:48 -04:00
Ryan Heywood 94617722a0
keyfork-shard: ignore duplicate certificate entries 2024-04-22 17:06:13 -04:00
Ryan Heywood 001fc0bccc
remove trailing hitespace :( 2024-04-19 00:30:38 -04:00
Ryan Heywood 6a265ad203
keyfork-mnemonic-util: add MnemonicBase::from_nonstandard_bytes 2024-04-18 23:53:59 -04:00
Ryan Heywood 5d2309e301
keyfork-prompt: add SecurePinValidator for making new, secure, PINs 2024-04-18 23:01:03 -04:00
Ryan Heywood c0b19e2457
keyfork-shard: assert shared secrets are contributory 2024-04-17 15:36:42 -04:00
Ryan Heywood cdf401515f
keyfork wizard: use correct derivation path for re-deriving shard decryption keys 2024-04-17 15:25:22 -04:00
Ryan Heywood f0e5ae9a8b
keyfork-derive-openpgp: document KEYFORK_OPENPGP_EXPIRE 2024-04-17 15:25:20 -04:00
Ryan Heywood 289cec36ef
keyfork wizard: upcast i and index to avoid wrapping add 2024-04-17 15:25:19 -04:00
Ryan Heywood 0fe5301352
keyfork-shard: add in bug messages 2024-04-17 15:25:18 -04:00
Ryan Heywood 9f089e723a
keyfork-derive-openpgp: use .first() in place of .get(0) 2024-04-17 15:25:15 -04:00
Ryan Heywood 1de466cad0
keyfork-derive-util: allow zeroable input for non-master-key derivation 2024-04-17 15:25:02 -04:00
Ryan Heywood 61871a77f0
keyfork-derive-util: make private and public test keys more visible 2024-04-14 21:26:44 -04:00
Ryan Heywood 08a66e2365
keyfork-shard: base64 encode content instead of base16 2024-04-14 21:19:57 -04:00
Ryan Heywood 6fa434e89c
keyfork-shard: shorten length and pad inside encrypted block 2024-04-14 21:19:56 -04:00
Ryan Heywood 9394500f2f
keyfork-shard: generate nonce using hkdf 2024-04-14 21:19:52 -04:00
Ryan Heywood 2bca0a1580
keyfork-derive-util: make Test{Public,Private}Key public, rename Internal algorithm 2024-04-12 16:23:24 -04:00
Ryan Heywood 5438f4e111
keyfork-entropy: downgrade entropy size limit to warning 2024-04-12 16:14:41 -04:00
Ryan Heywood 71b6e4ed0c
Merge branch 'ryan/use-instant-time-qrcode' 2024-04-10 15:35:50 -04:00
Ryan Heywood 4f4e3cfc65
Merge branch 'ryan/harden-derivation-on-highest-level-keys' 2024-04-10 15:35:40 -04:00
Ryan Heywood 194d475d59
keyfork-shard: validate signatures using shard-specific validation requirements 2024-04-10 15:17:30 -04:00
Ryan Heywood 40551a5c26
keyforkd: require hardened derivation on two highest indexes 2024-04-09 20:14:59 -04:00
Ryan Heywood fa125e7cbe
keyfork-qrcode: prefer Instant over SystemTime for infallible time comparison 2024-04-09 19:54:11 -04:00
Ryan Heywood 0c768690db
.cargo/config.toml: add registry configuration :) 2024-03-24 22:52:27 -04:00
Ryan Heywood 752138bd35
crates: specify registry = distrust 2024-02-22 22:08:50 -05:00
Ryan Heywood 59c710a114
crates/util: add licenses to bug and bin 2024-02-22 21:49:10 -05:00
Ryan Heywood 076bc3a1f5
keyfork-mnemonic-util: bump version before publish 2024-02-22 21:46:34 -05:00
Ryan Heywood f206cd5db1
keyfork-prompt: add KEYFORK_PROMPT_MNEMONIC_MODE=steel 2024-02-21 02:50:57 -05:00
Ryan Heywood 1699975b57
keyfork-derive-util: fixup request docs post-mnemonic rewrite 2024-02-20 20:45:08 -05:00
Ryan Heywood 472d0288f9
keyfork-bug: initial commit, refactor use of unwrap() and expect() to use keyfork-bug 2024-02-20 20:39:28 -05:00
Ryan Heywood 354eae5a6a
keyfork-shard: first pass of reusable prompthandler 2024-02-20 18:33:54 -05:00
Ryan Heywood b15d088905
keyfork-derive-openpgp: decouple key signature time from key creation time 2024-02-19 17:59:55 -05:00
Ryan Heywood 425aa30aa6
keyfork-shard: remove old code! 2024-02-19 05:49:43 -05:00
Ryan Heywood 6a3018e5e8
keyfork-shard: bump after mnemonic refactor 2024-02-19 05:41:37 -05:00
Ryan Heywood d51ee36ace
keyfork-shard: fixup usage of smex 2024-02-19 05:40:43 -05:00
Ryan Heywood b75d45876a
keyfork-shard: refactor key discovery mechanisms 2024-02-19 05:36:27 -05:00
Ryan Heywood 2541d49fb8
keyfork-shard: add shard_and_encrypt 2024-02-19 05:36:26 -05:00
Ryan Heywood 3b5c1340db
keyfork-shard: add new methods to trait to support split() 2024-02-19 05:36:24 -05:00
Ryan Heywood 3c1d8e9784
cleanup use of keyfork-shard deprecated functions 2024-02-19 05:36:20 -05:00
Ryan Heywood 6093cf9be4
keyfork-shard: traitify functionality 2024-02-19 05:35:01 -05:00
Ryan Heywood dfcf4b1740
keyfork-mnemonic-util: reduce amount of generics for validated functions 2024-02-19 05:32:24 -05:00
Ryan Heywood 44d8cf2098
keyfork-mnemonic-util: major refactor of Mnemonic type, remove cloned Wordlist 2024-02-19 05:20:33 -05:00
Ryan Heywood ed61d0685a
keyfork-bin: initial commit 2024-02-18 19:19:04 -05:00
Ryan Heywood d481c7e164
keyfork-mnemonic-util: deprecate from{_raw,}_bytes 2024-02-18 18:14:50 -05:00
Ryan Heywood 31e51f65a5
keyfork-mnemonic-util: optimize Default::default() for Wordlist 2024-02-18 18:01:51 -05:00
Ryan Heywood 883e0cdf65
keyfork-mnemonic-util: deprecate seed() in favor of generate_seed() 2024-02-18 18:01:18 -05:00
Ryan Heywood 9cb953414f
tests, examples: make clippy happy 2024-02-18 17:59:23 -05:00
Ryan Heywood ece9f435d2
Clarify documentation and add more examples 
Note: The type signature of smex::encode and smex::decode has changed,
but will still accept values that were previously passed in.
 2024-02-18 17:57:24 -05:00
Ryan Heywood 33405ee4fc
keyfork-derive-openpgp: add KEYFORK_OPENPGP_EXPIRE env var 2024-02-12 12:17:14 -05:00
Ryan Heywood 278e5c84fd
crates: make Cargo.toml not include defaulted bin deps across crates 2024-02-12 03:09:35 -05:00
Ryan Heywood e441ef520f
keyforkd: appropriately handle or debug disconnects 2024-02-12 03:08:54 -05:00
Ryan Heywood f1c24fb33e
keyforkd: allow performing multiple requests on the same socket 2024-02-12 02:36:54 -05:00
Ryan Heywood a24a0166cc
keyforkd-client: add examples and integrity checks 2024-02-12 02:31:22 -05:00
Ryan Heywood 1209549532
keyforkd: impl test_util::run_test 2024-02-12 01:28:04 -05:00
Ryan Heywood 053902bf43
keyfork-derive-util: make variable-length seeds opt-in 2024-02-12 00:30:28 -05:00
Ryan Heywood 4354be4304
keyfork-derive-util: add arbitrary length seeds, remove length-based errors 2024-02-11 20:35:26 -05:00
Ryan Heywood 8108f5e61a
keyfork-derive-util, keyforkd-client: support fearless conversions 2024-02-11 20:20:56 -05:00
Ryan Heywood 4e2c4487e9
keyfork-qrcode: default to rqrr, keyfork default 2024-02-11 19:46:06 -05:00
Ryan Heywood 086e56bef0
keyfork-derive-util: minor refactor, tidy up publicness of modules 2024-02-11 01:04:13 -05:00
Ryan Heywood 0375ce7bdf
keyfork-derive-util: more docs!!! 2024-02-11 00:32:10 -05:00
Ryan Heywood 7817c3514e
keyfork-derive-util: add README / lib.rs docs 2024-02-10 23:58:25 -05:00
Ryan Heywood 5096df993e
keyfork-derive-util: add doctests/examples 2024-02-10 03:50:55 -05:00
Ryan Heywood f2250d00e1
keyfork-entropy: add doctests 2024-02-10 03:50:23 -05:00
Ryan Heywood 4e66367376
keyfork-slip10-test-data: fixup docs 2024-02-10 01:39:48 -05:00
Ryan Heywood aa5fde533c
keyfork-crossterm: fixup docs 2024-02-10 01:39:35 -05:00
Ryan Heywood 2b8c90fcd5
keyfork: add more documentation, unlink root README from crate 2024-02-10 01:30:50 -05:00
Ryan Heywood 1879a250c8
keyfork-shard: add instructions for sending QR code to operators 2024-02-05 20:29:43 -05:00
Ryan Heywood b3a05277e8
keyfork-shard: increase QR code read timeout from 30 to 60 seconds 2024-02-04 17:51:38 -05:00
Ryan Heywood e37b5f0e6a
keyfork-qrcode: add zbar as bin dep 2024-02-04 17:51:16 -05:00
Ryan Heywood 6af5ab663d
keyfork-shard: always use highest level of error correction 2024-02-02 01:23:37 -05:00
Ryan Heywood f47d7c92b8
keyfork-qrcode: enforce use of MPG1 video streams 2024-02-01 22:29:09 -05:00
Ryan Heywood 1112fe0870
keyfork wizard generate-shard-secret: create output file if not exists 2024-01-22 18:18:35 -05:00
Ryan Heywood 3b42ba5f00
keyfork-derive-openpgp: when converting ed25519 to cv25519, apply clamp operation 2024-01-21 18:10:36 -05:00
Ryan Heywood 019e390b94
keyforkd, keyfork-shard: add README.md 2024-01-20 01:17:56 -05:00
Ryan Heywood 2e3c387ae1
docs: better info about writing types containing data 2024-01-18 23:50:23 -05:00
Ryan Heywood bf50e2aeac
keyfork-mnemonic-util: fixup not including smex 2024-01-18 23:49:56 -05:00
Ryan Heywood 4c6c071539
keyfork: improve prompt UX of `wizard generate-shard-secret` 2024-01-18 14:46:31 -05:00
Ryan Heywood fbad0632a7
*: use full BIP-0032 and BIP-0039 names 2024-01-17 21:35:01 -05:00
Ryan Heywood 2de0c5ce10
keyfork-plumbing: move back into keyfork-{mnemonic-util,entropy} 2024-01-17 21:30:36 -05:00
Ryan Heywood c5d1a6d62c
keyfork: impl basic `recover mnemonic` 2024-01-17 21:21:11 -05:00