# gpg-quorum

or: digital testament encryption management

### needs:

I wanted something capable of encrypting a file/archive/furryporn/whatever in a way that it was encrypted for N persons but only a willi quorum of X persons was needed to decypher it.
I looked into "Shamir secret sharing" but I find that generating a new secret that should be distributed among the interested parties could be the key for failure.

### requirements:

* for encryption needs to use something you use (read: refresh) often
* needs to be a technology/piece of software that should survive for some years
* needs to be fairly customizable
* needs to be mostrly hassle-free

### output:

this bash script is set to take N recipients and encrypt four file to make sure only with the quorum of at least 3 recipients the file will be opened

the logic behind that is really simple:

```
#the combination matrix for a quorum of 3 recipients on 5:
#recipients: A,B,C,D,E
#
#A,B,C
#A,B,D
#A,B,E
#A,C,D
#A,C,E
#A,D,E
#B,C,D
#B,C,E
#B,D,E
#C,D,E
```


### requirements:

in the file emails.txt:
list the recipient's emails you want encrypt for

in the main script gpg-quorum_3of5.sh:
edit the debug variable to add your email address (if you want) for debugging purposes

### usage:

 ./gpg-quorum_3of5.sh your_file_to_encrypt.ext

your output will be a file named

 your_file_to_encrypt.ext.ENCRYPTED

### customization:

if you want to increase the number of people needed to decrypt the file to 4 for example,
edit this block of code from:

```
#main loop:
for ((idxA=0; idxA<max; idxA++)); do              # iterate idxA from 0 to length
  for ((idxB=idxA; idxB<max; idxB++)); do         # iterate idxB from idxA to length
    for ((idxC=idxB; idxC<max; idxC++)); do         # iterate idxC from idxB to length

      if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ]; then

        echo "A, B or C are the same"
        continue

      else
        #custom execution for first run:
        if [ "$counter" == 0 ]; then
          gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $workdir/$file.step$counter $file

        #custom execution for last run:
        elif [ "$counter" == $((ans-1)) ]; then
          gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))

        #normal execution:
        else
          gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))

        fi
        #increase loop counter:
        ((counter++))

      fi
    done
  done
done

```

```
#main loop:
for ((idxA=0; idxA<max; idxA++)); do              # iterate idxA from 0 to length
  for ((idxB=idxA; idxB<max; idxB++)); do         # iterate idxB from idxA to length
    for ((idxC=idxB; idxC<max; idxC++)); do         # iterate idxC from idxB to length
      for ((idxD=idxC; idxD<max; idxD++)); do         # iterate idxD from idxC to length

        if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxD]}" ] || [ "${emails[$idxB]}" == "${emails[$idxD]}" ] || [ "${emails[$idxC]}" == "${emails[$idxD]}" ]; then

          #echo "A, B, C or D are the same"
          continue

        else
          #custom execution for first run:
          if [ "$counter" == 0 ]; then
            echo "gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $file"

          #custom execution for last run:
          elif [ "$counter" == $((ans-1)) ]; then
            echo "gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))"

          #normal execution:
          else
            echo "gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))"

          fi
          #increase loop counter:
          ((counter++))

        fi
      done
    done
  done
done

```

and then adjust the variable "combinate" to 4:
```
combinate=4
```