keyfork wizard generate-shard-secret: allow exporting certificates and cross-sign generated keys

crates/keyfork-shard/src/lib.rs

@@ -3,8 +3,8 @@
 
 use std::{
     io::{stdin, stdout, Read, Write},
-    sync::Mutex,
     rc::Rc,
+    sync::Mutex,
 };
 
 use aes_gcm::{
@@ -140,7 +140,7 @@ pub trait Format {
         prompt: Rc<Mutex<Box<dyn PromptHandler>>>,
     ) -> Result<(Vec<Share>, u8), Self::Error>;
 
-    /// Decrypt a single share and associated metadata from a reaable input. For the current
+    /// Decrypt a single share and associated metadata from a readable input. For the current
     /// version of Keyfork, the only associated metadata is a u8 representing the threshold to
     /// combine secrets.
     ///
@@ -154,6 +154,40 @@ pub trait Format {
         prompt: Rc<Mutex<Box<dyn PromptHandler>>>,
     ) -> Result<(Share, u8), Self::Error>;
 
+    /// Decrypt the public keys and metadata from encrypted data.
+    ///
+    /// # Errors
+    /// The method may return an error if hte shardfile couldn't be read from or if the metadata
+    /// could neither be encrypted nor parsed.
+    fn decrypt_metadata(
+        &self,
+        private_keys: Option<Self::PrivateKeyData>,
+        encrypted_data: &[Self::EncryptedData],
+        prompt: Rc<Mutex<Box<dyn PromptHandler>>>,
+    ) -> std::result::Result<(u8, Vec<Self::PublicKey>), Self::Error>;
+
+    /// Decrypt the public keys and metadata from a Shardfile.
+    ///
+    /// # Errors
+    /// The method may return an error if hte shardfile couldn't be read from or if the metadata
+    /// could neither be encrypted nor parsed.
+    fn decrypt_metadata_from_file(
+        &self,
+        private_key_discovery: Option<impl KeyDiscovery<Self>>,
+        reader: impl Read + Send + Sync,
+        prompt: Box<dyn PromptHandler>,
+    ) -> Result<(u8, Vec<Self::PublicKey>), Self::Error> {
+        let private_keys = private_key_discovery
+            .map(|p| p.discover_private_keys())
+            .transpose()?;
+        let encrypted_messages = self.parse_shard_file(reader)?;
+        self.decrypt_metadata(
+            private_keys,
+            &encrypted_messages,
+            Rc::new(Mutex::new(prompt)),
+        )
+    }
+
     /// Decrypt multiple shares and combine them to recreate a secret.
     ///
     /// # Errors

crates/keyfork-shard/src/openpgp.rs

@@ -549,6 +549,26 @@ impl Format for OpenPGP {
 
         panic!("unable to decrypt shard");
     }
+
+    fn decrypt_metadata(
+        &self,
+        private_keys: Option<Self::PrivateKeyData>,
+        encrypted_data: &[Self::EncryptedData],
+        prompt: Rc<Mutex<Box<dyn PromptHandler>>>,
+    ) -> std::result::Result<(u8, Vec<Self::PublicKey>), Self::Error> {
+        let policy = NullPolicy::new();
+        let mut keyring = Keyring::new(private_keys.unwrap_or_default(), prompt.clone())?;
+        let mut manager = SmartcardManager::new(prompt.clone())?;
+        let mut encrypted_messages = encrypted_data.iter();
+
+        let metadata = encrypted_messages
+            .next()
+            .expect(bug!(METADATA_MESSAGE_MISSING));
+        let metadata_content = decrypt_metadata(metadata, &policy, &mut keyring, &mut manager)?;
+
+        let (threshold, _root_cert, certs) = decode_metadata_v1(&metadata_content)?;
+        Ok((threshold, certs))
+    }
 }
 
 impl KeyDiscovery<OpenPGP> for &Path {

crates/keyfork/src/cli/shard.rs

@@ -50,6 +50,14 @@ trait ShardExec {
         key_discovery: Option<&Path>,
         input: impl Read + Send + Sync,
     ) -> Result<(), Box<dyn std::error::Error>>;
+
+    fn metadata(
+        &self,
+        key_discovery: Option<&Path>,
+        input: impl Read + Send + Sync,
+        output_pubkeys: &mut impl Write,
+        output: &mut impl Write,
+    ) -> Result<(), Box<dyn std::error::Error>>;
 }
 
 #[derive(Clone, Debug)]
@@ -92,6 +100,31 @@ impl ShardExec for OpenPGP {
         openpgp.decrypt_one_shard_for_transport(key_discovery, input, prompt)?;
         Ok(())
     }
+
+    fn metadata(
+        &self,
+        key_discovery: Option<&Path>,
+        input: impl Read + Send + Sync,
+        output_pubkeys: &mut impl Write,
+        output: &mut impl Write,
+    ) -> Result<(), Box<dyn std::error::Error>> {
+        use keyfork_derive_openpgp::openpgp::{
+            serialize::Marshal,
+            armor::{Writer, Kind},
+        };
+
+        let openpgp = keyfork_shard::openpgp::OpenPGP;
+        let prompt = default_handler()?;
+
+        let (threshold, certs) = openpgp.decrypt_metadata_from_file(key_discovery, input, prompt)?;
+        let mut writer = Writer::new(output_pubkeys, Kind::PublicKey)?;
+        for cert in certs {
+            cert.serialize(&mut writer)?;
+        }
+        writer.finalize()?;
+        writeln!(output, "Threshold: {threshold}")?;
+        Ok(())
+    }
 }
 
 #[derive(Clone, Debug)]
@@ -141,6 +174,20 @@ pub enum ShardSubcommands {
         /// The path to discover private keys from.
         key_discovery: Option<PathBuf>,
     },
+
+    /// Decrypt metadata for a shardfile, including the threshold and the public keys. Public keys
+    /// are serialized to a file.
+    Metadata {
+        /// The path to load the Shardfile from.
+        shardfile: PathBuf,
+
+        /// The path to write public keys to.
+        #[arg(long)]
+        output_pubkeys: PathBuf,
+
+        /// The path to discover private keys from.
+        key_discovery: Option<PathBuf>,
+    }
 }
 
 impl ShardSubcommands {
@@ -209,6 +256,27 @@ impl ShardSubcommands {
                     None => panic!("{COULD_NOT_DETERMINE_FORMAT}"),
                 }
             }
+            ShardSubcommands::Metadata { shardfile, output_pubkeys, key_discovery } => {
+                let shard_content = std::fs::read_to_string(shardfile)?;
+                if shard_content.contains("BEGIN PGP MESSAGE") {
+                    let _ = format.insert(Format::OpenPGP(OpenPGP));
+                }
+
+                let mut output_pubkeys_file = std::fs::File::create(output_pubkeys)?;
+
+                match format {
+                    Some(Format::OpenPGP(o)) => o.metadata(
+                        key_discovery.as_deref(),
+                        shard_content.as_bytes(),
+                        &mut output_pubkeys_file,
+                        &mut stdout,
+                    ),
+                    Some(Format::P256(_p)) => {
+                        todo!()
+                    }
+                    None => panic!("{COULD_NOT_DETERMINE_FORMAT}"),
+                }
+            }
         }
     }
 }

crates/keyfork/src/cli/wizard.rs

@@ -9,9 +9,10 @@ use keyfork_derive_openpgp::{
     openpgp::{
         self,
         armor::{Kind, Writer},
-        packet::UserID,
+        packet::{UserID, signature::SignatureBuilder},
         serialize::Marshal,
-        types::KeyFlags,
+        types::{SignatureType, KeyFlags},
+        policy::StandardPolicy,
         Cert,
     },
     XPrv,
@@ -20,8 +21,7 @@ use keyfork_derive_path_data::paths;
 use keyfork_derive_util::DerivationIndex;
 use keyfork_mnemonic::Mnemonic;
 use keyfork_prompt::{
-    default_handler,
-    prompt_validated_passphrase,
+    default_handler, prompt_validated_passphrase,
     validators::{SecurePinValidator, Validator},
     Message,
 };
@@ -133,6 +133,10 @@ pub struct GenerateShardSecret {
     /// The file to write the generated shard file to.
     #[arg(long)]
     output: Option<PathBuf>,
+
+    /// The file to write generated certificates to.
+    #[arg(long)]
+    cert_output: Option<PathBuf>,
 }
 
 /// Create a 256 bit secret and shard the secret to previously known OpenPGP certificates,
@@ -172,6 +176,41 @@ impl WizardSubcommands {
     }
 }
 
+fn cross_sign_certs(certs: &mut [Cert]) -> Result<(), Box<dyn std::error::Error>> {
+    let policy = StandardPolicy::new();
+    for signing_cert in certs.to_vec() {
+        let mut certify_key = signing_cert
+            .with_policy(&policy, None)?
+            .keys()
+            .unencrypted_secret()
+            .for_certification()
+            .next()
+            .expect("certify key unusable/not found")
+            .key()
+            .clone()
+            .into_keypair()?;
+        for signable_cert in certs.iter_mut() {
+            let sb = SignatureBuilder::new(SignatureType::GenericCertification);
+            let userid = signable_cert
+                .userids()
+                .next()
+                .expect("a signable user ID is necessary to create web of trust");
+            let signature = sb.sign_userid_binding(
+                &mut certify_key,
+                signable_cert.primary_key().key(),
+                &*userid,
+            )?;
+            let changed;
+            (*signable_cert, changed) = signable_cert.clone().insert_packets2(signature)?;
+            assert!(
+                changed,
+                "OpenPGP certificate was unchanged after inserting packets"
+            );
+        }
+    }
+    Ok(())
+}
+
 impl GenerateShardSecret {
     fn handle(&self) -> Result<()> {
         let seed = keyfork_entropy::generate_entropy_of_const_size::<{ 256 / 8 }>()?;
@@ -237,6 +276,8 @@ impl GenerateShardSecret {
             certs.push(cert);
         }
 
+        cross_sign_certs(&mut certs)?;
+
         let opgp = OpenPGP;
 
         if let Some(output_file) = self.output.as_ref() {
@@ -251,6 +292,16 @@ impl GenerateShardSecret {
                 std::io::stdout(),
             )?;
         }
+
+        if let Some(cert_output_file) = self.cert_output.as_ref() {
+            let output = File::create(cert_output_file)?;
+            let mut writer = Writer::new(output, Kind::PublicKey)?;
+            for cert in certs {
+                cert.serialize(&mut writer)?;
+            }
+            writer.finalize()?;
+        }
+
         Ok(())
     }
 }