So, I accidentally ran the bundle-2-of-4.json when I deployed it with bundle-single. We need a way to verify that the shards that get produced are actually contributory to the secret we want to recreate. Shardfiles accomplish this at end-of-reconstitution by producing a root certificate that's also stored in the first metadata packet (decryptable by the root certificate), but that requires a full reconstitution.
There's a few options:
- Client sends up the hash it has for its bundle.json.
- Server sends down the hash it has for its bundle.json.
- We break apart keyfork-shard and get hashes for every share.
Options 1 and 2 are easily doable and assume that users who are valid for an enclave are not going to throw in evil shards. Option 3 is the "most" secure but requires cracking open keyfork-shard entirely.
So, I accidentally ran the bundle-2-of-4.json when I deployed it with bundle-single. We need a way to verify that the shards that get produced are actually contributory to the secret we want to recreate. Shardfiles accomplish this at end-of-reconstitution by producing a root certificate that's also stored in the first metadata packet (decryptable by the root certificate), but that requires a full reconstitution.
There's a few options:
* Client sends up the hash it has for its bundle.json.
* Server sends down the hash it has for its bundle.json.
* We break apart keyfork-shard and get hashes for every share.
Options 1 and 2 are easily doable and assume that users who are valid for an enclave are not going to throw in evil shards. Option 3 is the "most" secure but requires cracking open keyfork-shard entirely.