oxidecomputer / offline-keystore

yubihsm-setup replacing the yubico cruft with our own cruft!
Mozilla Public License 2.0

flexible auth key backup and restore #213

Open flihp opened 1 month ago

flihp commented 1 month ago

The oks hsm restore command was developed as a way to ensure our backup key export & Shamir splitting scheme could be restored. This needs to be integrated into the larger flow of a ceremony that restores the backup key and then does something with them.

flihp commented 3 weeks ago

Consider using the verifier produced when the key is initially split to validate shares as they're entered. This could save us some pain and suffering if shares are entered incorrectly.
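
A sketch of the check suggested in the comment above, added here as an example and not taken from offline-keystore: each share is tested against the verifier as it is entered, so a typo is caught before reconstruction is attempted. It assumes a Feldman-style verifiable secret sharing scheme (the issue does not name one) with toy group parameters; `split`, `share_is_valid` and the fixed polynomial coefficients are hypothetical and constructed for the illustration.

```rust
// Added illustration, not offline-keystore code. Toy Feldman VSS parameters:
// P = 2Q + 1 with P, Q prime; G = 4 generates the order-Q subgroup mod P.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;

fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1u64;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % m;
        }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

/// Split: evaluate f(x) = coeffs[0] + coeffs[1]*x + ... (mod Q) at x = 1..=n.
/// coeffs[0] is the secret. Returns (shares, verifier); the verifier is the
/// public commitment G^coeff (mod P) to each coefficient.
fn split(coeffs: &[u64], n: u64) -> (Vec<(u64, u64)>, Vec<u64>) {
    let shares: Vec<(u64, u64)> = (1..=n)
        .map(|x| (x, coeffs.iter().rev().fold(0u64, |acc, c| (acc * x + c) % Q)))
        .collect();
    let verifier: Vec<u64> = coeffs.iter().map(|c| pow_mod(G, *c, P)).collect();
    (shares, verifier)
}

/// Check one entered share: G^y must equal prod_j verifier[j]^(x^j) (mod P).
fn share_is_valid(verifier: &[u64], share: (u64, u64)) -> bool {
    let (x, y) = share;
    let (mut x_pow, mut rhs) = (1u64, 1u64); // x_pow tracks x^j mod Q
    for c in verifier {
        rhs = rhs * pow_mod(*c, x_pow, P) % P;
        x_pow = x_pow * x % Q;
    }
    y < Q && pow_mod(G, y, P) == rhs
}

fn main() {
    // Constructed sample: secret 777, threshold 3, five shares.
    let (shares, verifier) = split(&[777, 123, 456], 5);
    let typo = (shares[2].0, (shares[2].1 + 1) % Q); // one mistyped share
    println!("share as issued: {}", share_is_valid(&verifier, shares[2]));
    println!("share with typo: {}", share_is_valid(&verifier, typo));
}
```

The verifier holds only commitments to the polynomial coefficients, so in this sketch it can sit alongside the ceremony tooling while the shares themselves stay with their holders.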