public
/
keyfork
5
0
Fork 0
Code Issues 25 Pull Requests 2 Packages Projects Releases Wiki Activity

Quick sharding mnemonics without a wizard #61

New Issue
Closed
opened 2025-01-14 21:59:41 +00:00 by ryan · 5 comments
ryan commented 2025-01-14 21:59:41 +00:00
Owner
Copy Link
keyfork mnemonic generate --size 256 --shard --certificates ./certificates --threshold 3 --max 5
``` keyfork mnemonic generate --size 256 --shard --certificates ./certificates --threshold 3 --max 5 ```
ryan commented 2025-01-14 22:00:32 +00:00
Author
Owner
Copy Link

Note that this is functionally equivalent to:

keyfork mnemonic generate --size 256 | keyfork shard split --threshold 3 --max 5 ./certificates
Note that this is functionally equivalent to: ``` keyfork mnemonic generate --size 256 | keyfork shard split --threshold 3 --max 5 ./certificates ```
ryan commented 2025-01-14 22:24:07 +00:00
Author
Owner
Copy Link

We can also include an --encrypt-to option to encrypt a mnemonic to a previously-known disaster recovery certificate, that works either independently of, or in combination with, the previous shard commands.

We can also include an `--encrypt-to` option to encrypt a mnemonic to a previously-known disaster recovery certificate, that works either independently of, or in combination with, the previous shard commands.
ryan commented 2025-01-14 23:07:35 +00:00
Author
Owner
Copy Link
keyfork mnemonic generate --size 256 --shard --certificates ./certificates --threshold 3 --max 5 --encrypt-to dr1.asc --encrypt-to dr2.asc,output=dr2-new-filename.asc --shard-to shard1.asc --shard-to shard2.asc,output=shard2-new-filename.asc

dr1 and dr2 are OpenPGP certificates. shard1 and shard2 are previously-created Shardfiles. certificates are OpenPGP certificates used for sharding. An operator for every shard must be present to decrypt the same metadata packet, with the same certificates and m-of-n threshold being reused.

``` keyfork mnemonic generate --size 256 --shard --certificates ./certificates --threshold 3 --max 5 --encrypt-to dr1.asc --encrypt-to dr2.asc,output=dr2-new-filename.asc --shard-to shard1.asc --shard-to shard2.asc,output=shard2-new-filename.asc ``` `dr1` and `dr2` are OpenPGP certificates. `shard1` and `shard2` are previously-created Shardfiles. `certificates` are OpenPGP certificates used for sharding. An operator for every shard must be present to decrypt the same metadata packet, with the same certificates and m-of-n threshold being reused.
ryan commented 2025-01-16 21:32:42 +00:00
Author
Owner
Copy Link

keyfork mnemonic generate --size 256 --encrypt-to-self backup.asc can be used in combination with (for example) --provision openpgp-card,count=2,account=1,output=cert.asc to disable outputting the mnemonic and instead provisioning to OpenPGP cards.

`keyfork mnemonic generate --size 256 --encrypt-to-self backup.asc` can be used in combination with (for example) `--provision openpgp-card,count=2,account=1,output=cert.asc` to disable outputting the mnemonic and instead provisioning to OpenPGP cards.
ryan commented 2025-01-27 17:01:09 +00:00
Author
Owner
Copy Link

Closed by: c232828290

Closed by: https://git.distrust.co/public/keyfork/commit/c232828290f9e5a6b2e1db713ce1a5fe69c01aef
ryan closed this issue 2025-01-27 17:01:09 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
anton/add-deps-to-readme
ryansquared/staging-since-latest
ryansquared/quick-and-dirty-prompt
ryan/use-instant-time-qrcode
ryan/old-static-retain-for-stagex
ryan/recover-shardholder-hardware
ryan/keyfork-shard/reuse-prompt-handler
ryan/keyfork-shard-reuse-prompt-handler
ryan/optimize-hunk
ryan/cargo-update
keyfork-zbar-v0.1.2
keyfork-shard-v0.3.2
keyfork-qrcode-v0.1.3
keyfork-prompt-v0.2.2
keyfork-bug-v0.1.1
keyfork-v0.3.0
keyfork-shard-v0.3.1
keyforkd-v0.1.4
keyfork-tests-v0.1.0
keyfork-prompt-v0.2.1
keyfork-derive-openpgp-v0.1.5
keyfork-v0.2.6
keyforkd-client-v0.2.2
keyforkd-v0.1.3
keyfork-zbar-v0.1.1
keyfork-shard-v0.3.0
keyfork-qrcode-v0.1.2
keyfork-prompt-v0.2.0
keyfork-mnemonic-v0.4.1
keyfork-entropy-v0.1.2
keyfork-derive-util-v0.2.2
keyfork-derive-path-data-v0.1.3
keyfork-derive-openpgp-v0.1.4
keyfork-derive-key-v0.1.2
keyfork-crossterm-v0.27.2
keyfork-v0.2.5
keyforkd-client-v0.2.1
keyforkd-v0.1.2
keyfork-shard-v0.2.3
keyfork-prompt-v0.1.2
keyfork-mnemonic-v0.4.0
keyfork-derive-util-v0.2.1
keyfork-derive-path-data-v0.1.2
keyfork-derive-openpgp-v0.1.3
keyfork-v0.2.4
keyfork-shard-v0.2.2
keyfork-v0.2.3
keyfork-derive-openpgp-v0.1.2
keyfork-v0.2.2
keyforkd-models-v0.2.0
keyforkd-client-v0.2.0
keyforkd-v0.1.1
keyfork-shard-v0.2.0
keyfork-qrcode-v0.1.1
keyfork-prompt-v0.1.1
keyfork-mnemonic-util-v0.3.0
keyfork-entropy-v0.1.1
keyfork-derive-util-v0.2.0
keyfork-derive-path-data-v0.1.1
keyfork-derive-openpgp-v0.1.1
keyfork-derive-key-v0.1.1
keyfork-v0.2.0
keyfork-v0.1.0
smex-v0.1.0
keyfork-bug-v0.1.0
keyfork-bin-v0.1.0
keyfork-slip10-test-data-v0.1.0
keyfork-derive-util-v0.1.0
keyfork-frame-v0.1.0
keyforkd-models-v0.1.0
keyforkd-client-v0.1.0
keyfork-derive-openpgp-v0.1.0
keyfork-entropy-v0.1.0
keyfork-crossterm-v0.27.1
keyfork-prompt-v0.1.0
keyfork-zbar-sys-v0.1.0
keyfork-zbar-v0.1.0
keyfork-qrcode-v0.1.0
keyfork-shard-v0.1.0
keyfork-derive-path-data-v0.1.0
keyforkd-v0.1.0
keyfork-derive-key-v0.1.0
keyfork-mnemonic-util-v0.2.0
keyfork-mnemonic-util-v0.1.0
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: public/keyfork#61
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?