189 lines
6 KiB
Markdown
189 lines
6 KiB
Markdown
# gpg-quorum
|
|
|
|
or: digital testament encryption management
|
|
|
|
|
|
|
|
### needs:
|
|
|
|
Sometimes we find ourselves managing pieces of software/infrastructure/etc with all the passwords/knowledge and everything well encrypted,
|
|
|
|
the question I've asked myself is: what if for some reason we unwillingly disappear, what happens to all these data?
|
|
|
|
Maybe it's a shared service with others but on your machines, maybe it's your data that should be nice to make accessible to your significant other (but the other does not have a tech knowledge enough to be able to do it).
|
|
|
|
So I wanted something capable of encrypting a file/archive/furryporn/whatever in a way that it was encrypted for N persons but only a willi quorum of X persons was needed to decypher it.
|
|
|
|
I looked into "Shamir secret sharing" but I find that generating a new secret that should be distributed among the interested parties could be the key for failure.
|
|
|
|
|
|
|
|
### requirements:
|
|
|
|
* for encryption needs to use something you use (read: refresh) often
|
|
* needs to be a technology/piece of software that should survive for some years
|
|
* needs to be fairly customizable
|
|
* needs to be mostrly hassle-free
|
|
|
|
|
|
|
|
### output:
|
|
|
|
this bash script is set to take N recipients and encrypt four file to make sure only with the quorum of at least 3 recipients the file will be opened
|
|
|
|
the logic behind that is really simple, it generates the various possible unique combinations:
|
|
|
|
```
|
|
#the combination matrix for a quorum of 3 recipients on 5:
|
|
#recipients: A,B,C,D,E
|
|
#
|
|
#A,B,C
|
|
#A,B,D
|
|
#A,B,E
|
|
#A,C,D
|
|
#A,C,E
|
|
#A,D,E
|
|
#B,C,D
|
|
#B,C,E
|
|
#B,D,E
|
|
#C,D,E
|
|
```
|
|
|
|
in this way only if at least 3 recipients agree to decrypt the file they will be able to
|
|
|
|
|
|
|
|
### requirements:
|
|
|
|
in the file emails.txt:
|
|
list the recipient's emails you want encrypt for
|
|
|
|
in the main script gpg-quorum_3of5.sh:
|
|
edit the debug variable to add your email address (if you want) for debugging purposes
|
|
|
|
|
|
|
|
### usage:
|
|
|
|
./gpg-quorum_3of5.sh your_file_to_encrypt.ext
|
|
|
|
your output will be a file named
|
|
|
|
your_file_to_encrypt.ext.ENCRYPTED
|
|
|
|
|
|
|
|
### decryption:
|
|
|
|
the process is tedious and not automated,
|
|
|
|
that's intended so: NOTABUG WONTFIX
|
|
|
|
the idea is that the decryption is a last resort to access your data, so it might be ok if the process is long, and I suppose the file should have to be moved between different machines..
|
|
|
|
|
|
### thoughts:
|
|
|
|
I think that the archive or file encrypted with this method should be offline and held by a person that's not one of the ones that can decrypt the file,
|
|
or could be online but protected by a symmetric password so only another party can make the data available to be decrypted.
|
|
|
|
I don't have a clear idea about that right now.
|
|
|
|
|
|
### weakness:
|
|
|
|
tech-wise should be pretty solid (it's a file encrypted multiple times with gpg, if you think differently please let me know),
|
|
|
|
human wise it might be prone to the "agree" attack if the encrypted file is online or reachable, where you are alive and well but the needed number of recipients decrypt the file and access the data.
|
|
|
|
|
|
|
|
### customization:
|
|
|
|
see the example in _Examples/gpg-quorum_4of5.sh
|
|
|
|
if you want to increase the number of people needed to decrypt the file to 4 for example,
|
|
edit this block of code from:
|
|
|
|
```
|
|
#main loop:
|
|
for ((idxA=0; idxA<max; idxA++)); do # iterate idxA from 0 to length
|
|
for ((idxB=idxA; idxB<max; idxB++)); do # iterate idxB from idxA to length
|
|
for ((idxC=idxB; idxC<max; idxC++)); do # iterate idxC from idxB to length
|
|
|
|
if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ]; then
|
|
|
|
#echo "A, B or C are the same"
|
|
continue
|
|
|
|
else
|
|
#custom execution for first run:
|
|
if [ "$counter" == 0 ]; then
|
|
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $workdir/$file.step$counter $file
|
|
|
|
#custom execution for last run:
|
|
elif [ "$counter" == $((ans-1)) ]; then
|
|
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))
|
|
|
|
#normal execution:
|
|
else
|
|
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))
|
|
|
|
fi
|
|
#increase loop counter:
|
|
((counter++))
|
|
|
|
fi
|
|
done
|
|
done
|
|
done
|
|
|
|
```
|
|
|
|
```
|
|
#main loop:
|
|
for ((idxA=0; idxA<max; idxA++)); do # iterate idxA from 0 to length
|
|
for ((idxB=idxA; idxB<max; idxB++)); do # iterate idxB from idxA to length
|
|
for ((idxC=idxB; idxC<max; idxC++)); do # iterate idxC from idxB to length
|
|
for ((idxD=idxC; idxD<max; idxD++)); do # iterate idxD from idxC to length
|
|
|
|
if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxD]}" ] || [ "${emails[$idxB]}" == "${emails[$idxD]}" ] || [ "${emails[$idxC]}" == "${emails[$idxD]}" ]; then
|
|
|
|
#echo "A, B, C or D are the same"
|
|
continue
|
|
|
|
else
|
|
#custom execution for first run:
|
|
if [ "$counter" == 0 ]; then
|
|
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $file
|
|
|
|
#custom execution for last run:
|
|
elif [ "$counter" == $((ans-1)) ]; then
|
|
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))
|
|
|
|
#normal execution:
|
|
else
|
|
gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))
|
|
|
|
fi
|
|
#increase loop counter:
|
|
((counter++))
|
|
|
|
fi
|
|
done
|
|
done
|
|
done
|
|
done
|
|
|
|
```
|
|
|
|
and then adjust the variable "combinate" to 4:
|
|
```
|
|
combinate=4
|
|
```
|
|
|
|
|
|
|
|
### thanks to:
|
|
|
|
* encrypt
|