added to readme
parent
bd4f155605
commit
4aca97019a
1 changed files with 14 additions and 2 deletions
16
README.md
|
@ -4,7 +4,10 @@ or: digital testament encryption management
|
||||||
|
|
||||||
### needs:
|
### needs:
|
||||||
|
|
||||||
I wanted something capable of encrypting a file/archive/furryporn/whatever in a way that it was encrypted for N persons but only a willi quorum of X persons was needed to decypher it.
|
Sometimes we find ourselves managing pieces of software/infrastructure/etc with all the passwords/knowledge and everything well encrypted,
|
||||||
|
the question I've asked myself is: what if for some reason we unwillingly disappear, what happens to all these data?
|
||||||
|
Maybe it's a shared service with others but on your machines, maybe it's your data that should be nice to make accessible to your significant other (but the other does not have a tech knowledge enough to be able to do it).
|
||||||
|
So I wanted something capable of encrypting a file/archive/furryporn/whatever in a way that it was encrypted for N persons but only a willi quorum of X persons was needed to decypher it.
|
||||||
I looked into "Shamir secret sharing" but I find that generating a new secret that should be distributed among the interested parties could be the key for failure.
|
I looked into "Shamir secret sharing" but I find that generating a new secret that should be distributed among the interested parties could be the key for failure.
|
||||||
|
|
||||||
### requirements:
|
### requirements:
|
||||||
|
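Review bot: In the added "needs" text, the new line "So I wanted something capable of encrypting ... only a willi quorum of X persons was needed to decypher it" carries over the typos of the line it replaces ("willi", "decypher"); since the line is being rewritten anyway, suggest "only a quorum of X persons is needed to decipher it". In the added line before it, "the other does not have a tech knowledge enough" reads more cleanly as "does not have enough technical knowledge". The paragraph speaks of N persons and a quorum of X, while the unchanged text further down fixes the quorum at 3, so it would help to say here that X defaults to 3.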
@ -18,7 +21,7 @@ I looked into "Shamir secret sharing" but I find that generating a new secret th
|
||||||
|
|
||||||
this bash script is set to take N recipients and encrypt four file to make sure only with the quorum of at least 3 recipients the file will be opened
|
this bash script is set to take N recipients and encrypt four file to make sure only with the quorum of at least 3 recipients the file will be opened
|
||||||
|
|
||||||
the logic behind that is really simple:
|
the logic behind that is really simple, it generates the various possible unique combinations:
|
||||||
|
|
||||||
```
|
```
|
||||||
#the combination matrix for a quorum of 3 recipients on 5:
|
#the combination matrix for a quorum of 3 recipients on 5:
|
||||||
|
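Review bot: The reworded sentence "the logic behind that is really simple, it generates the various possible unique combinations:" says that combinations are generated but not what the script does with each one, which is the part a reader needs in order to trust the quorum claim; add one sentence stating how the file is encrypted for each combination in the matrix. The sentence is also a comma splice (split it after "simple"), and the unchanged line above it reads "encrypt four file", which looks like a typo worth fixing in the same edit.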
@ -36,6 +39,7 @@ the logic behind that is really simple:
|
||||||
#C,D,E
|
#C,D,E
|
||||||
```
|
```
|
||||||
|
|
||||||
|
in this way only if at least 3 recipients agree to decrypt the file they will be able to
|
||||||
|
|
||||||
### requirements:
|
### requirements:
|
||||||
|
|
||||||
|
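Review bot: The sentence added after the closing fence, "in this way only if at least 3 recipients agree to decrypt the file they will be able to", stops without an object or a full stop; suggest "in this way the file can be decrypted only if at least 3 recipients agree to do so." It also states 3 as a fixed number, while the customization section describes raising it to 4, so wording such as "at least the quorum (3 by default)" would stay correct after customization.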
@ -53,6 +57,14 @@ your output will be a file named
|
||||||
|
|
||||||
your_file_to_encrypt.ext.ENCRYPTED
|
your_file_to_encrypt.ext.ENCRYPTED
|
||||||
|
|
||||||
|
|
||||||
|
### thoughts:
|
||||||
|
|
||||||
|
I think that the archive or file encrypted with this method should be offline and held by a person that's not one of the ones that can decrypt the file,
|
||||||
|
or could be online but protected by a symmetric password so only another party can make the data available to be decrypted.
|
||||||
|
I don't have a clear idea about that right now.
|
||||||
|
|
||||||
|
|
||||||
### customization:
|
### customization:
|
||||||
|
|
||||||
if you want to increase the number of people needed to decrypt the file to 4 for example,
|
if you want to increase the number of people needed to decrypt the file to 4 for example,
|
||||||
|
|
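Review bot: In the new "### thoughts:" section, the second option ("could be online but protected by a symmetric password so only another party can make the data available") introduces a new secret that has to be handed to someone, which is the concern the "needs" section raises against Shamir secret sharing ("generating a new secret that should be distributed among the interested parties could be the key for failure"); the README should say why that is acceptable here or drop the option. The section also ends with "I don't have a clear idea about that right now.", so consider marking it as an open question or TODO so readers do not take either option as a storage recommendation.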