3 Commits

Author SHA1 Message Date
Ryan Heywood ba64db8f00
update Cargo.toml and Cargo.lock 2024-08-08 00:56:40 -04:00
Ryan Heywood dd4354ffc1
keyfork: bump keyfork-shard 2024-08-08 00:53:15 -04:00
Ryan Heywood fa84a2ae5f
keyfork-shard: Be less strict about keys
Rationale: Keyfork Shard runs on Airgap systems. The biggest impact of
using StandardPolicy and checking whether keys are "alive" is the drift
between different Airgap systems where the keys may not be valid at the
same time. Because of this, it is impossible to shard a secret to all
keys at once using a StandardPolicy.

However, we consider these keys to be a trusted input, whether created
by a previous system or generated directly by Keyfork. Because of this,
we can use a NullPolicy to blanketly permit all keys, the same way we
blanketly permit all keys when reconstituting the sharded secret, and
disable the check for whether keys are alive (though, we are still
denying revoked keys).
2024-08-08 00:48:33 -04:00
4 changed files with 9 additions and 8 deletions

4
Cargo.lock generated

@ -1674,7 +1674,7 @@ dependencies = [
[[package]]
name = "keyfork"
version = "0.2.2"
version = "0.2.3"
dependencies = [
"card-backend-pcsc",
"clap",
@ -1835,7 +1835,7 @@ dependencies = [
[[package]]
name = "keyfork-shard"
version = "0.2.1"
version = "0.2.2"
dependencies = [
"aes-gcm",
"anyhow",


@ -1,6 +1,6 @@
[package]
name = "keyfork-shard"
version = "0.2.1"
version = "0.2.2"
edition = "2021"
license = "AGPL-3.0-only"


@ -25,7 +25,7 @@ use openpgp::{
stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper},
Parse,
},
policy::{NullPolicy, Policy, StandardPolicy},
policy::{NullPolicy, Policy},
serialize::{
stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer},
Marshal,
@ -276,7 +276,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
key_data: &[Self::PublicKey],
threshold: u8,
) -> Result<Self::EncryptedData, Self::Error> {
let policy = StandardPolicy::new();
let policy = NullPolicy::new();
let mut pp = vec![SHARD_METADATA_VERSION, threshold];
// Note: Sequoia does not export private keys on a Cert, only on a TSK
signing_key
@ -362,7 +362,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
public_key: &Cert,
signing_key: &mut Self::SigningKey,
) -> Result<EncryptedMessage> {
let policy = StandardPolicy::new();
let policy = NullPolicy::new();
let valid_cert = public_key
.with_policy(&policy, None)
.map_err(Error::Sequoia)?;
@ -577,7 +577,8 @@ fn get_encryption_keys<'a>(
openpgp::packet::key::UnspecifiedRole,
> {
cert.keys()
.alive()
// NOTE: this causes complications on Airgap systems
// .alive()
.revoked(false)
.supported()
.for_storage_encryption()
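Review bot: `NullPolicy::new()` in the two `let policy = …` lines (the `@ -276` and `@ -362` hunks) relaxes more than the liveness check the commit message argues for: it also stops rejecting certificates whose keys or self-signatures use algorithms that `StandardPolicy` refuses, so the shard-encryption path now relies entirely on every recipient certificate having been vetted before it reaches this code. If clock drift between hosts is the only problem, a narrower change may be to keep `StandardPolicy` and pass an explicit reference time instead of `None` to `with_policy`; that is inferred from the visible call only, as both function bodies continue outside the hunks. If `NullPolicy` stays, state the trust assumption at each use, e.g. `// NullPolicy: recipient certs are trusted input; algorithm and expiry checks are skipped on purpose`. In `get_encryption_keys`, removing `.alive()` means expired encryption subkeys are now selected, so the commented-out call would read better as a statement of the decision, e.g. `// Expiry is not enforced (clock drift between airgapped hosts); revoked keys are still rejected.`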


@ -1,6 +1,6 @@
[package]
name = "keyfork"
version = "0.2.2"
version = "0.2.3"
edition = "2021"
license = "AGPL-3.0-only"