6 KiB
gpg-quorum
or: digital testament encryption management
needs:
Sometimes we find ourselves managing pieces of software/infrastructure/etc with all the passwords/knowledge and everything well encrypted,
the question I've asked myself is: what if for some reason we unwillingly disappear, what happens to all these data?
Maybe it's a shared service with others but on your machines, maybe it's your data that should be nice to make accessible to your significant other (but the other does not have a tech knowledge enough to be able to do it).
So I wanted something capable of encrypting a file/archive/furryporn/whatever in a way that it was encrypted for N persons but only a willi quorum of X persons was needed to decypher it.
I looked into "Shamir secret sharing" but I find that generating a new secret that should be distributed among the interested parties could be the key for failure.
requirements:
- for encryption needs to use something you use (read: refresh) often
- needs to be a technology/piece of software that should survive for some years
- needs to be fairly customizable
- needs to be mostrly hassle-free
output:
this bash script is set to take N recipients and encrypt four file to make sure only with the quorum of at least 3 recipients the file will be opened
the logic behind that is really simple, it generates the various possible unique combinations:
#the combination matrix for a quorum of 3 recipients on 5:
#recipients: A,B,C,D,E
#
#A,B,C
#A,B,D
#A,B,E
#A,C,D
#A,C,E
#A,D,E
#B,C,D
#B,C,E
#B,D,E
#C,D,E
in this way only if at least 3 recipients agree to decrypt the file they will be able to
requirements:
in the file emails.txt: list the recipient's emails you want encrypt for
in the main script gpg-quorum_3of5.sh: edit the debug variable to add your email address (if you want) for debugging purposes
usage:
./gpg-quorum_3of5.sh your_file_to_encrypt.ext
your output will be a file named
your_file_to_encrypt.ext.ENCRYPTED
decryption:
the process is tedious and not automated,
that's intended so: NOTABUG WONTFIX
the idea is that the decryption is a last resort to access your data, so it might be ok if the process is long, and I suppose the file should have to be moved between different machines..
thoughts:
I think that the archive or file encrypted with this method should be offline and held by a person that's not one of the ones that can decrypt the file, or could be online but protected by a symmetric password so only another party can make the data available to be decrypted.
I don't have a clear idea about that right now.
weakness:
tech-wise should be pretty solid (it's a file encrypted multiple times with gpg, if you think differently please let me know),
human wise it might be prone to the "agree" attack if the encrypted file is online or reachable, where you are alive and well but the needed number of recipients decrypt the file and access the data.
customization:
see the example in _Examples/gpg-quorum_4of5.sh
if you want to increase the number of people needed to decrypt the file to 4 for example, edit this block of code from:
#main loop:
for ((idxA=0; idxA<max; idxA++)); do # iterate idxA from 0 to length
for ((idxB=idxA; idxB<max; idxB++)); do # iterate idxB from idxA to length
for ((idxC=idxB; idxC<max; idxC++)); do # iterate idxC from idxB to length
if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ]; then
#echo "A, B or C are the same"
continue
else
#custom execution for first run:
if [ "$counter" == 0 ]; then
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $workdir/$file.step$counter $file
#custom execution for last run:
elif [ "$counter" == $((ans-1)) ]; then
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))
#normal execution:
else
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))
fi
#increase loop counter:
((counter++))
fi
done
done
done
#main loop:
for ((idxA=0; idxA<max; idxA++)); do # iterate idxA from 0 to length
for ((idxB=idxA; idxB<max; idxB++)); do # iterate idxB from idxA to length
for ((idxC=idxB; idxC<max; idxC++)); do # iterate idxC from idxB to length
for ((idxD=idxC; idxD<max; idxD++)); do # iterate idxD from idxC to length
if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxD]}" ] || [ "${emails[$idxB]}" == "${emails[$idxD]}" ] || [ "${emails[$idxC]}" == "${emails[$idxD]}" ]; then
#echo "A, B, C or D are the same"
continue
else
#custom execution for first run:
if [ "$counter" == 0 ]; then
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $file
#custom execution for last run:
elif [ "$counter" == $((ans-1)) ]; then
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))
#normal execution:
else
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))
fi
#increase loop counter:
((counter++))
fi
done
done
done
done
and then adjust the variable "combinate" to 4:
combinate=4
thanks to:
- encrypt