Documentation
Overview
Package rekey implements the `cryptkey rekey` command, which rebuilds a profile's Shamir share set under a new (n', t') and a new provider list while preserving the existing master key and output salt.
Because the master key and output salt are preserved, every key already derived from this profile (including age identities, ed25519 keys, and AEAD keys stored elsewhere) continues to validate against the new profile. What changes is the set of providers that can unlock it.
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type Options
type Options struct {
	// Threshold is the new threshold. Zero means keep the current threshold.
	Threshold int

	// Keep is an explicit list of providers (as "type:id") to retain. If
	// empty, all existing providers are kept (subject to Remove).
	Keep []string

	// Remove is the list of providers (as "type:id") to drop from the new
	// profile.
	Remove []string

	// Add is the list of providers to enroll into the new profile, in the
	// same "type" or "type:id" format that `cryptkey init --add` accepts.
	Add []string

	// NoTUI forces plain-line prompts for the unlock and enroll phases.
	NoTUI bool

	// NoBackup skips writing <profile>.toml.bak before the new profile is
	// saved. The default is to write a backup.
	NoBackup bool

	// Timeout overrides the default hardware provider timeout during the
	// unlock phase. Zero means use the provider's default.
	Timeout time.Duration
}
Options controls a rekey invocation.
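How the documented Threshold, Keep, Remove and Add fields combine into a new provider list and threshold, as an added example that is not cryptkey's own code. The `Plan` helper, the provider ids, and the choice to reject unknown or conflicting ids and thresholds that cannot be met are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"slices"
)

// Options mirrors the provider-selection fields of rekey.Options.
type Options struct {
	Threshold         int
	Keep, Remove, Add []string
}

// Plan resolves the provider list and threshold a rekey would end with.
// Hypothetical helper: rejecting unknown or conflicting ids is an assumption.
func Plan(current []string, currentT int, o Options) ([]string, int, error) {
	for _, id := range append(slices.Clone(o.Keep), o.Remove...) {
		if !slices.Contains(current, id) { // a typo must not silently keep a provider
			return nil, 0, fmt.Errorf("%q is not enrolled in this profile", id)
		}
	}
	var next []string
	for _, id := range current {
		inKeep, inRemove := slices.Contains(o.Keep, id), slices.Contains(o.Remove, id)
		if inKeep && inRemove {
			return nil, 0, fmt.Errorf("%q is in both Keep and Remove", id)
		}
		if (len(o.Keep) == 0 || inKeep) && !inRemove { // empty Keep retains all
			next = append(next, id)
		}
	}
	next = append(next, o.Add...) // providers to enroll count toward n'
	t := o.Threshold
	if t == 0 {
		t = currentT // zero means keep the current threshold
	}
	if t < 1 || t > len(next) { // t' > n' would leave a profile nobody can unlock
		return nil, 0, fmt.Errorf("threshold %d cannot be met by %d providers", t, len(next))
	}
	return next, t, nil
}

func main() {
	current := []string{"fido2:yk1", "passphrase:main", "recovery:paper"} // constructed ids
	fmt.Println(Plan(current, 2, Options{Remove: []string{"recovery:paper"}, Add: []string{"piv"}}))
	fmt.Println(Plan(current, 3, Options{Remove: []string{"recovery:paper"}})) // 3-of-2: rejected
}
```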