61 lines
2.0 KiB
Bash
61 lines
2.0 KiB
Bash
help() {
|
|
cat <<EOF
|
|
Airgap Arch Linux with Keyfork is best used with a removable SD card to store
|
|
shard files and other persistent media. After inserting an SD card, run the
|
|
following command to mount any unmounted SD cards and find any Shard files:
|
|
|
|
# discover-and-mount-sdcard
|
|
|
|
This guide will assume the discovered Shard file is listed as:
|
|
/media/mmcblk0p1/shards.pgp
|
|
If an alternative Shard file is found, that file should be used instead.
|
|
|
|
Keyfork can be used to set up a Shard-secured secret with an M-of-N scheme,
|
|
where M is the minimum amount of users required to recreate the secret and N is
|
|
is the total amount of shardholders. An additional value, K, will be used to
|
|
denote the amount of smartcards (i.e., backups) to provision per shardholder.
|
|
|
|
# keyfork wizard generate-shard-secret --threshold \$M --max \$N
|
|
--keys-per-shard \$K --output /media/mmcblk0p1/shards.pgp
|
|
|
|
The Keyfork server can be started using a Shard-secred secret locally, if all
|
|
shardholders are present, or using a QR-based remote recovery. The shard file
|
|
does not have to be present for remote recovery.
|
|
|
|
# keyfork recover shard /media/mmcblk0p1/shards.pgp
|
|
|
|
Or
|
|
|
|
# keyfork recover remote-shard
|
|
|
|
If performing a "Remote Shard" operation, Keyfork shards can be transported to
|
|
the system performing the operation by running the following command:
|
|
|
|
# keyfork shard transport /media/mmcblk0p1/shards.pgp
|
|
|
|
For more information, run:
|
|
|
|
# keyfork help
|
|
EOF
|
|
}
|
|
|
|
discover-and-mount-sdcard() {
|
|
MOUNT_OPTS="-o relatime,utf8,flush,umask=0000"
|
|
|
|
lsblk -nlo NAME,FSTYPE | awk '$2 == "vfat" { print $1 }' | while read partition; do
|
|
echo "Automatically mounting /dev/$partition to /media/$partition"
|
|
mkdir -p "/media/$partition"
|
|
umount "/media/$partition" 2>/dev/null
|
|
mount $MOUNT_OPTS "/dev/$partition" "/media/$partition"
|
|
find "/media/$partition" -name '*.pgp' -maxdepth 2 | while read file; do
|
|
echo "Found potential shardfile: $file"
|
|
done
|
|
done
|
|
}
|
|
|
|
echo
|
|
help
|
|
echo
|
|
discover-and-mount-sdcard
|
|
echo
|