Documentation
Index
- func DeriveSingleProvider(ctx context.Context, p provider.Provider, pc *config.ProviderConfig, ...) (secret []byte, skipped bool)
- func EmitKey(key []byte, raw, b64 bool) error
- func Execute(ctx context.Context, cmd *cli.Command) error
- func FormatKey(key []byte, raw, b64 bool) string
- func FormatKeyBytes(key []byte, raw, b64 bool) []byte
- func InstallPromptCallbacks(ctx context.Context, pw *progress.Writer) context.Context
- func Reconstruct(ctx context.Context, profileName string, opts ...ReconstructOpts) ([]byte, error)
- type MasterKeyResult
- type ReconstructOpts
Constants
This section is empty.
Variables
This section is empty.
Functions
func DeriveSingleProvider
func DeriveSingleProvider(
    ctx context.Context,
    p provider.Provider,
    pc *config.ProviderConfig,
    pw *progress.Writer,
    timeoutOverride time.Duration,
) (secret []byte, skipped bool)
DeriveSingleProvider runs the same hardware-aware single-provider derive path used by Reconstruct. Returned values: the 32-byte secret (caller must wipe) and whether the user skipped the provider (via esc or timeout). Exposed so rekey can collect a missing kept provider's secret after the main unlock loop has already met threshold.
func EmitKey
func EmitKey(key []byte, raw, b64 bool) error
EmitKey writes a key to stdout in the requested format. Default (neither flag set) is hex. Shared by derive and pipe commands.
func FormatKey
func FormatKey(key []byte, raw, b64 bool) string
FormatKey returns the key as a string in the requested format. Used on the env-var delivery path, where Go's exec.Cmd.Env is []string-typed and a Go string is immutable, so the copy can't be wiped after the child has read it. Prefer FormatKeyBytes for stdin delivery: that returns a caller-owned []byte which the caller can zero via WipeBytes.
func FormatKeyBytes
func FormatKeyBytes(key []byte, raw, b64 bool) []byte
FormatKeyBytes returns the key as a fresh caller-owned []byte in the requested format. Callers MUST wipe the returned slice (via crypto.WipeBytes) once the plaintext key is no longer needed. This is the wipeable counterpart to FormatKey for use on the stdin delivery path, where we want to zero the in-memory copy as soon as the child process has consumed it.
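The stdin delivery pattern the two paragraphs above describe, as an added example that is not this package's code: formatKeyBytes and wipeBytes below are stand-ins for FormatKeyBytes and crypto.WipeBytes written for this illustration, and the precedence when both raw and b64 are set is this example's assumption (the page only says the default is hex). The formatted copy is zeroed the moment the write to the child returns, while the original key stays intact for the caller to wipe on its own schedule.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os/exec"
)

// formatKeyBytes returns a fresh slice holding key in the requested
// encoding, so zeroing the result never touches the original key.
// Assumption for this example: raw wins over b64 if both are set.
func formatKeyBytes(key []byte, raw, b64 bool) []byte {
	switch {
	case raw:
		out := make([]byte, len(key))
		copy(out, key)
		return out
	case b64:
		out := make([]byte, base64.StdEncoding.EncodedLen(len(key)))
		base64.StdEncoding.Encode(out, key)
		return out
	default: // hex is the documented default
		out := make([]byte, hex.EncodedLen(len(key)))
		hex.Encode(out, key)
		return out
	}
}

// wipeBytes stands in for crypto.WipeBytes: overwrite every byte with zero.
func wipeBytes(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// deliverViaStdin formats key, writes it to the child's stdin and wipes the
// formatted copy on every return path. For exec.Cmd, stdin is the
// io.WriteCloser returned by cmd.StdinPipe().
func deliverViaStdin(stdin io.Writer, key []byte, raw, b64 bool) error {
	formatted := formatKeyBytes(key, raw, b64)
	defer wipeBytes(formatted)
	n, err := stdin.Write(formatted)
	if err != nil {
		return err
	}
	if n != len(formatted) {
		return errors.New("short write delivering key to child")
	}
	return nil
}

// deliverToChild wires the pattern to a real process: start it, write the
// key, close the pipe so the child sees EOF, then wait for it to exit.
func deliverToChild(cmd *exec.Cmd, key []byte, raw, b64 bool) error {
	stdin, err := cmd.StdinPipe()
	if err != nil {
		return err
	}
	if err := cmd.Start(); err != nil {
		return err
	}
	werr := deliverViaStdin(stdin, key, raw, b64)
	cerr := stdin.Close()
	if err := cmd.Wait(); err != nil {
		return err
	}
	if werr != nil {
		return werr
	}
	return cerr
}

func main() {
	// Constructed 32-byte key for the demonstration, not a real secret.
	key := bytes.Repeat([]byte{0xab}, 32)
	defer wipeBytes(key)

	var sink bytes.Buffer // stands in for the child's stdin
	if err := deliverViaStdin(&sink, key, false, true); err != nil {
		panic(err)
	}
	fmt.Printf("child received %d bytes; original key intact: %v\n",
		sink.Len(), bytes.Equal(key, bytes.Repeat([]byte{0xab}, 32)))
}
```

The deferred wipe in deliverViaStdin is what distinguishes this path from FormatKey: an env-var string handed to exec.Cmd.Env stays readable in the parent's heap until the garbage collector happens to reuse it, whereas the slice here is zero before the function returns.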
func InstallPromptCallbacks
func InstallPromptCallbacks(ctx context.Context, pw *progress.Writer) context.Context
InstallPromptCallbacks wires the progress writer into the context so providers can prompt inline while preserving the masked-input UX. Exposed so callers that want to reuse a single pw across multiple derive-style phases (e.g. rekey) can set up the context once.
func Reconstruct
func Reconstruct(ctx context.Context, profileName string, opts ...ReconstructOpts) ([]byte, error)
Reconstruct loads a profile, tries providers, combines shares progressively, and verifies the config integrity HMAC. Returns the 32-byte derived output key.
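How the 32-byte output key can be bound to the ReconstructOpts.Use label, as an added example rather than this package's code: the page says Use is appended to the HKDF info string, but gives neither the fixed part of that string nor the salt, so infoPrefix and the NUL separator below are assumptions. HKDF is implemented inline from RFC 5869 over HMAC-SHA256 so the block runs with the standard library alone, and it checks itself against RFC 5869 test case 1.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// hkdfExtract is HKDF-Extract (RFC 5869 section 2.2) with HMAC-SHA256.
// A nil salt means HashLen zero bytes, as the RFC specifies.
func hkdfExtract(salt, ikm []byte) []byte {
	if salt == nil {
		salt = make([]byte, sha256.Size)
	}
	m := hmac.New(sha256.New, salt)
	m.Write(ikm)
	return m.Sum(nil)
}

// hkdfExpand is HKDF-Expand (RFC 5869 section 2.3) with HMAC-SHA256.
func hkdfExpand(prk, info []byte, n int) ([]byte, error) {
	if n > 255*sha256.Size {
		return nil, errors.New("hkdf: requested length too large")
	}
	var out, prev []byte
	for counter := byte(1); len(out) < n; counter++ {
		m := hmac.New(sha256.New, prk)
		m.Write(prev)
		m.Write(info)
		m.Write([]byte{counter})
		prev = m.Sum(nil)
		out = append(out, prev...)
	}
	return out[:n], nil
}

// infoPrefix is an assumed fixed label; the real info string is not on the page.
const infoPrefix = "example-kdf/v1/output-key"

// deriveOutputKey derives the 32-byte output key from the master key. The Use
// label is appended after a NUL separator (assumed) so that "disk" and
// "signing" keys from the same profile are cryptographically unrelated.
func deriveOutputKey(master []byte, use string) ([]byte, error) {
	info := []byte(infoPrefix)
	if use != "" {
		info = append(info, 0)
		info = append(info, use...)
	}
	return hkdfExpand(hkdfExtract(nil, master), info, 32)
}

// rfc5869Case1OK checks the inline HKDF against RFC 5869 test case 1.
func rfc5869Case1OK() bool {
	ikm := bytes.Repeat([]byte{0x0b}, 22)
	salt, _ := hex.DecodeString("000102030405060708090a0b0c")
	info, _ := hex.DecodeString("f0f1f2f3f4f5f6f7f8f9")
	want, _ := hex.DecodeString("3cb25f25faacd57a90434f64d0362f2a" +
		"2d2d0a90cf1a5a4c5db02d56ecc4c5bf" +
		"34007208d5b887185865")
	okm, err := hkdfExpand(hkdfExtract(salt, ikm), info, 42)
	return err == nil && bytes.Equal(okm, want)
}

func main() {
	// Constructed master key for the demonstration, not a real secret.
	master := bytes.Repeat([]byte{0x42}, 32)
	disk, _ := deriveOutputKey(master, "disk")
	signing, _ := deriveOutputKey(master, "signing")
	fmt.Println("hkdf self-check:", rfc5869Case1OK())
	fmt.Printf("disk    %x\nsigning %x\n", disk, signing)
}
```

Because the fixed label comes first and the separator cannot appear in a label, two different Use strings always produce different info inputs, which is the property that makes a compromise of the "disk" key say nothing about the "signing" key.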
Types
type MasterKeyResult
type MasterKeyResult struct {
    MasterKey []byte
    Secrets   map[string][]byte // key "type:id" → 32-byte provider secret
    Profile   *config.Profile
}
MasterKeyResult is returned by ReconstructMasterKey. It holds the reconstructed master key and the provider secrets collected during unlock. Caller owns everything and must call Wipe() when done.
func ReconstructMasterKey
func ReconstructMasterKey(ctx context.Context, profileName string, opts ...ReconstructOpts) (*MasterKeyResult, error)
ReconstructMasterKey runs the full provider-iteration + share-combine flow and returns the master key plus the provider secrets collected along the way, keyed by "type:id". It iterates every provider in the profile (subject to --provider / --skip filters), lets the user skip individual ones, and stops as soon as the threshold is met and the integrity HMAC verifies.
Used by rekey, which needs the master key to re-Split and at least some of the provider secrets to re-encrypt kept providers' new shares.
func (*MasterKeyResult) Wipe
func (r *MasterKeyResult) Wipe()
Wipe zeroes the master key and every collected secret. Safe to call multiple times.
type ReconstructOpts
type ReconstructOpts struct {
    // ProviderFilter limits derivation to these providers. Each entry is
    // matched as "type:id" (exact) or just "type" (all of that type).
    // Empty means use all providers.
    ProviderFilter []string
    // SkipFilter excludes these providers. Same matching as ProviderFilter.
    SkipFilter []string
    // Quiet suppresses all stderr output except fatal errors.
    Quiet bool
    // Timeout overrides the default hardware provider timeout.
    // Zero means use the provider's default.
    Timeout time.Duration
    // Use is an optional context label appended to the HKDF info string
    // to derive different keys from the same profile (e.g., "disk", "signing").
    Use string
    // NoTUI forces plain-line prompts and output even when stderr is a TTY.
    // Intended for scripts and CI.
    NoTUI bool
}
ReconstructOpts controls provider filtering, skip behavior, and output during key reconstruction.
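The ProviderFilter and SkipFilter matching rules from the struct comments, worked through as an added example that is not this package's code: an entry containing a colon must equal "type:id" exactly, an entry without one matches every provider of that type, and an empty include list means all providers. Applying the skip list after the include list is this example's reading of "excludes"; the page does not state the precedence. The providers and names are constructed for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// providerRef identifies a configured provider the way the page keys
// collected secrets, by type and id rendered as "type:id".
type providerRef struct {
	Type, ID string
}

func (p providerRef) Key() string { return p.Type + ":" + p.ID }

// matchesEntry applies the documented rule: with a colon the entry must equal
// "type:id" exactly; without one it matches every provider of that type.
func matchesEntry(entry string, p providerRef) bool {
	if strings.Contains(entry, ":") {
		return entry == p.Key()
	}
	return entry == p.Type
}

func matchesAny(entries []string, p providerRef) bool {
	for _, e := range entries {
		if matchesEntry(e, p) {
			return true
		}
	}
	return false
}

// selectProviders returns, in profile order, the providers an unlock would
// attempt: all of them when include is empty, otherwise only the matched
// ones, minus anything matched by skip. Skip is applied last so a broad
// "yubikey" include can still drop a single "yubikey:backup".
func selectProviders(profile []providerRef, include, skip []string) []providerRef {
	var out []providerRef
	for _, p := range profile {
		if len(include) > 0 && !matchesAny(include, p) {
			continue
		}
		if matchesAny(skip, p) {
			continue
		}
		out = append(out, p)
	}
	return out
}

// unmatchedEntries reports filter entries that match nothing in the profile.
// A typo in --provider would otherwise silently leave a threshold unmeetable
// after a round of hardware prompts, so this is worth checking up front.
func unmatchedEntries(profile []providerRef, entries []string) []string {
	var bad []string
	for _, e := range entries {
		hit := false
		for _, p := range profile {
			if matchesEntry(e, p) {
				hit = true
				break
			}
		}
		if !hit {
			bad = append(bad, e)
		}
	}
	return bad
}

func main() {
	// Constructed profile for the demonstration.
	profile := []providerRef{
		{"yubikey", "a"}, {"yubikey", "b"}, {"tpm", "0"}, {"passphrase", "main"},
	}
	include := []string{"yubikey", "tpm:0"}
	skip := []string{"yubikey:b"}
	for _, p := range selectProviders(profile, include, skip) {
		fmt.Println("will try", p.Key())
	}
	fmt.Println("unmatched:", unmatchedEntries(profile, []string{"yubikey:c"}))
}
```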