Skip to content

foldager/secret-sharing

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
.github/workflows
.github/workflows
 
 
.flake8
.flake8
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
document.py
document.py
 
 
readme.md
readme.md
 
 
requirements.txt
requirements.txt
 
 
secret.py
secret.py
 
 
secret_test.py
secret_test.py
 
 

Repository files navigation

Build status

Secret sharing

Split recovery keys and other secrets.

Create pdfs for printing. Any two sheets of paper are and prindocuments

Task list

  • Secret splitting script
  • Secret joining script
  • Script that takes secret and creates multipage PDF. Any two pages can be used to re-create the secret.
  • Add metadata to document
    • Secret name
    • Description
    • Owner
    • Full list of confidants (Optional)
    • Selfdocumenting. Must contain enough detail that the secret can be recovered without access to script.
      • High level description of algorithm
        • bytes to b64 store string
        • checksum byte
      • Hand derived example(s)
    • Make a single pdf https://stackoverflow.com/questions/3444645/merge-pdf-files
  • Repo documentation
    • ...
  • Unit tests
  • Continous testing (github actions)
  • Checksum in storage string
  • Option to no leak secret in shell history
  • Error handling
    • Store string invalid -- cannot decode
    • combining: Secret is not valid utf8
    • Warn/error if the two shares are identical
  • Make pip-installable
  • Install CLI entrypoint
  • Make log(n) share pairs instead of n**2

Encoding


Input/output from app:
    Secret: str()
    splits: str(b64(checksum()))

Work with:
    bytes


    encode 

Operations

split(s)
join(s1, s2)

encode: b -> b
decode: b -> b

# Python Strings
encode: string -> bytes
decode: bytes -> string

Examples

The first example shows how to combine two secret shares to re-construct the secret.

% ./secret.py combine 6vn3jt/YF2T8CFFmyarX0bd7cM7oADKkRvI= ppaY5f+6cgyVZjVGvcKy8cQTFarI8K0A69w=
Look behind the shed 🤭

Split a secret in two and join the parts

% ./secret.py split "short secret"
Secret shares: qUCg1KvIkeSKf0YFPQ== 2ijPpt/o4oHpDSNxeQ==

% ./secret.py combine qUCg1KvIkeSKf0YFPQ== 2ijPpt/o4oHpDSNxeQ==
short secret

Mistyping a secret share will likely be caught by the checksum

% ./secret.py combine QUCg1KvIkeSKf0YFPQ== 2ijPpt/o4oHpDSNxeQ==
Store string 'QUCg1KvIkeSKf0YFPQ==' is corrupt or not entered correctly.

... Or the share will not be a valid b64 string

% ./secret.py combine UCg1KvIkeSKf0YFPQ== 2ijPpt/o4oHpDSNxeQ==
Invalid base64-encoded string: number of data characters (17) cannot be 1 more than a multiple of 4
Invalid/corrupted store string: UCg1KvIkeSKf0YFPQ==

% ./secret.py combine U-Cg1KvIkeSKf0YFPQ== 2ijPpt/o4oHpDSNxeQ==
Non-base64 digit found
Invalid/corrupted store string: U-Cg1KvIkeSKf0YFPQ==

In case you have gotten your hands on two secret shares that combine to bytes that are not valid utf-8, you will get a warning like this:

% ./secret.py combine 4q1P +Fig
Warning: The secret is not valid utf-8.
python bytes representation: b'\x1a\xf5'
Best effort uft-8 decoding:

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages