Quick sharding mnemonics without a wizard #61

Open
opened 2025-01-14 21:59:41 +00:00 by ryan · 4 comments
Owner
```
keyfork mnemonic generate --size 256 --shard --certificates ./certificates --threshold 3 --max 5
```
Author
Owner

Note that this is functionally equivalent to:

```
keyfork mnemonic generate --size 256 | keyfork shard split --threshold 3 --max 5 ./certificates
```
Author
Owner

We can also include an `--encrypt-to` option to encrypt a mnemonic to a previously-known disaster recovery certificate, that works either independently of, or in combination with, the previous shard commands.
Author
Owner
```
keyfork mnemonic generate --size 256 --shard --certificates ./certificates --threshold 3 --max 5 --encrypt-to dr1.asc --encrypt-to dr2.asc --shard-to shard1.asc --shard-to shard2.asc
```

`dr1` and `dr2` are OpenPGP certificates. `shard1` and `shard2` are previously-created Shardfiles. `certificates` are OpenPGP certificates used for sharding. An operator for every shard must be present to decrypt the same metadata packet, with the same certificates and m-of-n threshold being reused.
Author
Owner

`keyfork mnemonic generate --size 256 --encrypt-to self --start-server` could be used to:

  1. generate the mnemonic
  2. encrypt the mnemonic text to the default OpenPGP key
  3. start a Keyfork server with the mnemonic

Starting the Keyfork server is only a valid option if `--encrypt-to`, `--shard`, or `--shard-to` are passed, to ensure the mnemonic is in some way preserved.
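
The flag rule from the last comment, written as a fail-closed check over the options proposed in this issue. This is an added example, not part of the issue and not Keyfork's code: `GenerateOpts`, `value` and `parse` are hypothetical names, and the `--shard` parameter check (certificates present, 1 <= threshold <= max) is an assumption beyond what the issue states.

```rust
// Added illustration: a hypothetical option model, not Keyfork's actual CLI code.
#[derive(Debug, Default)]
pub struct GenerateOpts {
    pub shard: bool,
    pub start_server: bool,
    pub certificates: Option<String>,
    pub threshold: Option<u16>,
    pub max: Option<u16>,
    pub encrypt_to: Vec<String>,
    pub shard_to: Vec<String>,
}

// Take the value that follows a flag, or fail if the argument list ends early.
fn value<'a>(it: &mut std::slice::Iter<'_, &'a str>, flag: &str) -> Result<&'a str, String> {
    it.next().copied().ok_or_else(|| format!("{} needs a value", flag))
}

/// Parse the flags proposed in the issue, then apply the cross-flag rules.
pub fn parse(args: &[&str]) -> Result<GenerateOpts, String> {
    let mut o = GenerateOpts::default();
    let mut it = args.iter();
    while let Some(&flag) = it.next() {
        match flag {
            "--shard" => o.shard = true,
            "--start-server" => o.start_server = true,
            "--size" => { value(&mut it, flag)?; } // consumed, not validated here
            "--certificates" => o.certificates = Some(value(&mut it, flag)?.to_string()),
            "--threshold" => o.threshold = Some(value(&mut it, flag)?.parse::<u16>().map_err(|e| e.to_string())?),
            "--max" => o.max = Some(value(&mut it, flag)?.parse::<u16>().map_err(|e| e.to_string())?),
            "--encrypt-to" => o.encrypt_to.push(value(&mut it, flag)?.to_string()),
            "--shard-to" => o.shard_to.push(value(&mut it, flag)?.to_string()),
            other => return Err(format!("unknown option {}", other)),
        }
    }
    // Rule from the issue: the server may start only if the mnemonic is preserved somewhere.
    let preserved = o.shard || !o.encrypt_to.is_empty() || !o.shard_to.is_empty();
    if o.start_server && !preserved {
        return Err("--start-server requires --encrypt-to, --shard, or --shard-to".into());
    }
    // Assumed rule (not stated in the issue): --shard needs its parameters, with m <= n.
    let params_ok = matches!((&o.certificates, o.threshold, o.max), (Some(_), Some(m), Some(n)) if m >= 1 && m <= n);
    if o.shard && !params_ok {
        return Err("--shard needs --certificates and 1 <= --threshold <= --max".into());
    }
    Ok(o)
}

fn main() {
    println!("{:?}", parse(&["--size", "256", "--start-server"]));
}
```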
Reference: public/keyfork#61