Tools to make secret sharing easier.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

187 lines
6.5 KiB

\input texinfo
@settitle The Gfsecret Manual
@include version.texi
This is the manual for Gfsecret (version @value{VERSION}, last updated
Copyright @copyright{} 2017 Damien Goutte-Gattat
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
Texts. A copy of the license is included in the section entitled ``GNU
Free Documentation License''.
@end quotation
@end copying
@title Gfsecret
@subtitle for version @value{VERSION}, @value{UPDATED}
@author Damien Goutte-Gattat (@email{})
@vskip 0pt plus 1filll
@end titlepage
@node Top
@top Gfsecret
This manual is for Gfsecret (version @value{VERSION}, @value{UPDATED}).
@end ifnottex
* Introduction::
* The share URI syntax::
* The Gfsecret configuration file::
* GNU Free Documentation License::
* Index::
@end menu
@node Introduction
@chapter Introduction
You may have some important files that you both don't want to lose and
don't want to fall into any other hands than yours. It may be files
containing your OpenPGP private keys, the file containing all your
online passwords, the file describing your plan for total world
domination, whatever.
Such files pose an interesting problem. Obviously, you have to backup
them to avoid losing them, but any supplementary copy gives your
adversary one more opportunity to grab your secret.
* Adi Shamir's Secret Sharing::
* Overview of Gfsecret::
@end menu
@node Adi Shamir's Secret Sharing
@section Adi Shamir's Secret Sharing
A secret sharing scheme is precisely what you need to fulfill both of
the contradictory goals.
The Adi Shamir's secret sharing scheme, devised by the famous
cryptographer Adi Shamir (the ``A'' in the RSA public cryptography
algorithm) in 1979, relies on the fact that @math{n + 1} points are
required to uniquely define a curve corresponding to a polynom of order
To illustrate the scheme, let's say you want to share a secret value
@math{b} in two or more shares, so that at least two shares are needed
to reconstitute the secret. You will define a curve of the form
@math{f(x) = ax + b}, where @math{a} is a randomly chosen coefficient
and @math{b} (the secret value) is the y coordinate where the curve
intersects the Y axis.
A share is then a point on that curve, that is, a couple @math{x, f(x)}.
If you have only one point, there's no way for you to know what the
curve is, and where it intersects the Y axis, because there's an
infinity of curves passing through this point.
As soon as you have (at least) two points, however, you have all the
information that you need: there's only one straight curve passing
through two distinct points, and you can trace it, and trivially find
where it intersects the Y axis (and thus retrieve the secret value).
@node Overview of Gfsecret
@section Overview of Gfsecret
Gfsecret implements the Adi Shamir's secret sharing scheme to allow its
user to split a secret file into a given number of @emph{shares}, to
dispatch the shares onto several external storage devoces such as USB
sticks, and to temporarily reconstruct the original file when needed.
Gfsecret comprises two programs: @command{gfsec-split} splits a secret
file into shares and dispatches them, leaving behind a configuration
file describing the location of the shares; @command{fgsec-use} reads
the configuration file left by @command{gfsec-split}, attempts to fetch
the shares, and reconstructs the secret file if enough shares are
available. If the reconstruction is successful, @command{gfsec-use}
will then execute a single command (or start a new interactive shell if
the user didn't specify any command), and remove the reconstructed
secret once that command terminates.
@node The share URI syntax
@chapter The share URI syntax
Both @command{gfsec-split} and @command{gfsec-use} use the concept of a
@emph{share URI} to describe and represent shares. A share URI is an
URI-like string of the form @samp{scheme://authority/path?parameters}.
The @var{scheme} part indicates the method to use to access the share.
It can be: @samp{file} for a share on the local filesystem; @samp{label}
for a share on an external volume identified by its label; @samp{uuid}
for a share on an external volume identified by its UUID; or @samp{mtp}
for a share on a MTP-compliant device identified by its serial number.
The @var{authority} part identifies the storage device. It should be
empty when using the @samp{file://} scheme (although for consistency
with other uses of that scheme by other programs, it is permitted to
specify @samp{localhost}). It represents the volume's label when using
the @samp{label://} scheme, the volume's UUID when using the
@samp{uuid://} scheme, and the device's serial number when using the
@samp{mtp://} scheme.
The @var{path} part is the pathname to the share file on the device.
The filename itself should end with a numeric extension representing the
share number (needed by @command{gfsec-use} to appropriately reconstruct
the secret). That share number is automatically determined and appended
to the original filename by @command{gfsec-split}.
Finally, the optional @var{parameters} part may contains options
expressed as @samp{key=value} pairs. Currently, valid options are
@samp{sha256}, which specifies a SHA2-256 hash that the share should
match (@command{gfsec-use} will refuse to use the share otherwise), and
@samp{share=no}, which indicates that the corresponding share actually
contains the whole secret.
@node The Gfsecret configuration file
@chapter The Gfsecret configuration file
The @command{gfsec-use} program needs a configuration file to reconstruct a
secret from a list of shares. This file is automatically generated by
It contains @samp{key=value} pairs, one per line. Blank lines are
ignored, as well as lines starting with a @samp{#} character.
The @samp{OUTFILE} key specifies the pathname to the file where the
reconstructed secret is to be stored.
The @samp{MINSHARES} key indicates the lowest number of shares required
to reconstruct the secret.
The @samp{URI} key contains an URI representing a share, as described
previously in @ref{The share URI syntax}.
@end itemize
@node GNU Free Documentation License
@appendix GNU Free Documentation License
@include fdl.texi
@node Index
@unnumbered Index
@printindex cp