Ryan Heywood
dd4354ffc1
keyfork: bump keyfork-shard
2024-08-08 00:53:15 -04:00
Ryan Heywood
fa84a2ae5f
keyfork-shard: Be less strict about keys
Rationale: Keyfork Shard runs on Airgap systems. The biggest impact of
using StandardPolicy and checking whether keys are "alive" is the drift
between different Airgap systems where the keys may not be valid at the
same time. Because of this, it is impossible to shard a secret to all
keys at once using a StandardPolicy.
However, we consider these keys to be a trusted input, whether created
by a previous system or generated directly by Keyfork. Because of this,
we can use a NullPolicy to blanketly permit all keys, the same way we
blanketly permit all keys when reconstituting the sharded secret, and
disable the check for whether keys are alive (though, we are still
denying revoked keys).
2024-08-08 00:48:33 -04:00
Ryan Heywood
bac762f5be
release keyfork v0.2.2 and keyfork-derive-openpgp 0.1.2
2024-08-01 01:37:18 -04:00
Ryan Heywood
c868afedbf
scripts/generate-dependency-queue.py: doc how to run
2024-08-01 01:30:56 -04:00
Ryan Heywood
8d40d2630c
keyfork: add `bottoms-up` wizard
2024-08-01 01:30:54 -04:00
Ryan Heywood
142bea3b9f
keyfork-shard: verify QR code length correctly
2024-05-29 16:16:55 -04:00
Ryan Heywood
c65ddbf119
scripts/generate-dependency-queue.py: rewrite
2024-05-16 14:56:31 -04:00
Ryan Heywood
d759982853
scripts: add publishing scripts
2024-05-16 02:01:10 -04:00
Ryan Heywood
491d19469a
crates: bump versions
2024-05-16 00:29:28 -04:00
Ryan Heywood
756be9b9d7
Merge remote-tracking branch 'origin/anton/require-min-entropy'
2024-05-05 14:49:12 -04:00
Ryan Heywood
ad329131de
Merge remote-tracking branch 'origin/anton/chore/update-readme'
2024-05-05 14:49:01 -04:00
Anton Livaja
bcfcc8711f
keyforkd: add warning when loading seed with less than 128 bits
2024-05-05 14:27:10 -04:00
Ryan Heywood
de4e98ae07
keyfork-derive-util: black-box checking all zeroes
2024-05-03 23:28:45 -04:00
Ryan Heywood
48ccd7c68f
keyfork-derive-util: add note about potential side-channel when verifying keys
2024-05-03 23:20:53 -04:00
Ryan Heywood
d04989ef30
keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct
2024-05-03 23:20:50 -04:00
Ryan Heywood
1a036a0b5f
keyfork-shard: clean up documentation for encrypted shard padding
2024-05-03 22:41:38 -04:00
Anton Livaja
fc0350a098
fix: specify OpenPGP
2024-04-29 17:57:05 -04:00
Anton Livaja
a18ea7ba0f
chore: make docs regarding factory reset more specific
2024-04-29 13:20:46 -04:00
Ryan Heywood
e0687434ef
keyfork-shard: display error message on duplicate key fingerprints found
2024-04-24 13:29:32 -04:00
Ryan Heywood
23db50956f
keyfork-shard: improve wording for counting shardholders
2024-04-24 13:13:48 -04:00
Ryan Heywood
94617722a0
keyfork-shard: ignore duplicate certificate entries
2024-04-22 17:06:13 -04:00
Ryan Heywood
001fc0bccc
remove trailing whitespace :(
2024-04-19 00:30:38 -04:00
Ryan Heywood
6a265ad203
keyfork-mnemonic-util: add MnemonicBase::from_nonstandard_bytes
2024-04-18 23:53:59 -04:00
Ryan Heywood
5d2309e301
keyfork-prompt: add SecurePinValidator for making new, secure, PINs
2024-04-18 23:01:03 -04:00
Ryan Heywood
c0b19e2457
keyfork-shard: assert shared secrets are contributory
2024-04-17 15:36:42 -04:00
Ryan Heywood
cdf401515f
keyfork wizard: use correct derivation path for re-deriving shard decryption keys
2024-04-17 15:25:22 -04:00
Ryan Heywood
f0e5ae9a8b
keyfork-derive-openpgp: document KEYFORK_OPENPGP_EXPIRE
2024-04-17 15:25:20 -04:00
Ryan Heywood
289cec36ef
keyfork wizard: upcast i and index to avoid wrapping add
2024-04-17 15:25:19 -04:00
Ryan Heywood
0fe5301352
keyfork-shard: add in bug messages
2024-04-17 15:25:18 -04:00
Ryan Heywood
9f089e723a
keyfork-derive-openpgp: use .first() in place of .get(0)
2024-04-17 15:25:15 -04:00
Ryan Heywood
1de466cad0
keyfork-derive-util: allow zeroable input for non-master-key derivation
2024-04-17 15:25:02 -04:00
Ryan Heywood
57354fc714
Cargo.lock: bump insta, remove unmaintained yaml-rust
2024-04-14 21:27:57 -04:00
Ryan Heywood
61871a77f0
keyfork-derive-util: make private and public test keys more visible
2024-04-14 21:26:44 -04:00
Ryan Heywood
08a66e2365
keyfork-shard: base64 encode content instead of base16
2024-04-14 21:19:57 -04:00
Ryan Heywood
6fa434e89c
keyfork-shard: shorten length and pad inside encrypted block
2024-04-14 21:19:56 -04:00
Ryan Heywood
68f07f6f02
bump mio and iana-time-zone
2024-04-14 21:19:54 -04:00
Ryan Heywood
9394500f2f
keyfork-shard: generate nonce using hkdf
2024-04-14 21:19:52 -04:00
Ryan Heywood
2bca0a1580
keyfork-derive-util: make Test{Public,Private}Key public, rename Internal algorithm
2024-04-12 16:23:24 -04:00
Ryan Heywood
5438f4e111
keyfork-entropy: downgrade entropy size limit to warning
2024-04-12 16:14:41 -04:00
Ryan Heywood
71b6e4ed0c
Merge branch 'ryan/use-instant-time-qrcode'
2024-04-10 15:35:50 -04:00
Ryan Heywood
4f4e3cfc65
Merge branch 'ryan/harden-derivation-on-highest-level-keys'
2024-04-10 15:35:40 -04:00
Ryan Heywood
194d475d59
keyfork-shard: validate signatures using shard-specific validation requirements
2024-04-10 15:17:30 -04:00
Ryan Heywood
40551a5c26
keyforkd: require hardened derivation on two highest indexes
2024-04-09 20:14:59 -04:00
Ryan Heywood
fa125e7cbe
keyfork-qrcode: prefer Instant over SystemTime for infallible time comparison
2024-04-09 19:54:11 -04:00
Ryan Heywood
f96ad11422
docs: add basic documentation on shard remote-decrypt protocol
2024-04-08 14:44:26 -04:00
Anton Livaja
089021a302
chore: add link to airgapOS repo
2024-03-28 20:01:50 -04:00
Ryan Heywood
0c768690db
.cargo/config.toml: add registry configuration :)
2024-03-24 22:52:27 -04:00
Ryan Heywood
752138bd35
crates: specify registry = distrust
2024-02-22 22:08:50 -05:00
Ryan Heywood
59c710a114
crates/util: add licenses to bug and bin
2024-02-22 21:49:10 -05:00
Ryan Heywood
076bc3a1f5
keyfork-mnemonic-util: bump version before publish
2024-02-22 21:46:34 -05:00