gpg-quorum/README.md
2021-08-01 01:33:23 +02:00

5.7 KiB

gpg-quorum

or: digital testament encryption management

needs:

Sometimes we find ourselves managing pieces of software/infrastructure/etc with all the passwords/knowledge and everything well encrypted,

the question I've asked myself is: what if for some reason we unwillingly disappear, what happens to all these data?

Maybe it's a shared service with others but on your machines, maybe it's your data that should be nice to make accessible to your significant other (but the other does not have a tech knowledge enough to be able to do it).

So I wanted something capable of encrypting a file/archive/furryporn/whatever in a way that it was encrypted for N persons but only a willi quorum of X persons was needed to decypher it.

I looked into "Shamir secret sharing" but I find that generating a new secret that should be distributed among the interested parties could be the key for failure.

requirements:

  • for encryption needs to use something you use (read: refresh) often
  • needs to be a technology/piece of software that should survive for some years
  • needs to be fairly customizable
  • needs to be mostrly hassle-free

output:

this bash script is set to take N recipients and encrypt four file to make sure only with the quorum of at least 3 recipients the file will be opened

the logic behind that is really simple, it generates the various possible unique combinations:

#the combination matrix for a quorum of 3 recipients on 5:
#recipients: A,B,C,D,E
#
#A,B,C
#A,B,D
#A,B,E
#A,C,D
#A,C,E
#A,D,E
#B,C,D
#B,C,E
#B,D,E
#C,D,E

in this way only if at least 3 recipients agree to decrypt the file they will be able to

requirements:

in the file emails.txt: list the recipient's emails you want encrypt for

in the main script gpg-quorum_3of5.sh: edit the debug variable to add your email address (if you want) for debugging purposes

usage:

./gpg-quorum_3of5.sh your_file_to_encrypt.ext

your output will be a file named

your_file_to_encrypt.ext.ENCRYPTED

thoughts:

I think that the archive or file encrypted with this method should be offline and held by a person that's not one of the ones that can decrypt the file, or could be online but protected by a symmetric password so only another party can make the data available to be decrypted. I don't have a clear idea about that right now.

weakness:

tech-wise should be pretty solid (it's a file encrypted multiple times with gpg, if you think differently please let me know), human wise it might be prone to the "agree" attack if the encrypted file is online or reachable, where you are alice and well but the needed number of recipients decrypt the file and access the data.

customization:

see the example in _Examples/gpg-quorum_4of5.sh

if you want to increase the number of people needed to decrypt the file to 4 for example, edit this block of code from:

#main loop:
for ((idxA=0; idxA<max; idxA++)); do              # iterate idxA from 0 to length
  for ((idxB=idxA; idxB<max; idxB++)); do         # iterate idxB from idxA to length
    for ((idxC=idxB; idxC<max; idxC++)); do         # iterate idxC from idxB to length

      if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ]; then

        echo "A, B or C are the same"
        continue

      else
        #custom execution for first run:
        if [ "$counter" == 0 ]; then
          gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $workdir/$file.step$counter $file

        #custom execution for last run:
        elif [ "$counter" == $((ans-1)) ]; then
          gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))

        #normal execution:
        else
          gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))

        fi
        #increase loop counter:
        ((counter++))

      fi
    done
  done
done

#main loop:
for ((idxA=0; idxA<max; idxA++)); do              # iterate idxA from 0 to length
  for ((idxB=idxA; idxB<max; idxB++)); do         # iterate idxB from idxA to length
    for ((idxC=idxB; idxC<max; idxC++)); do         # iterate idxC from idxB to length
      for ((idxD=idxC; idxD<max; idxD++)); do         # iterate idxD from idxC to length

        if [ "${emails[$idxA]}" == "${emails[$idxB]}" ] || [ "${emails[$idxB]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxC]}" ] || [ "${emails[$idxA]}" == "${emails[$idxD]}" ] || [ "${emails[$idxB]}" == "${emails[$idxD]}" ] || [ "${emails[$idxC]}" == "${emails[$idxD]}" ]; then

          #echo "A, B, C or D are the same"
          continue

        else
          #custom execution for first run:
          if [ "$counter" == 0 ]; then
            gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $file

          #custom execution for last run:
          elif [ "$counter" == $((ans-1)) ]; then
            gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $file.ENCRYPTED $workdir/$file.step$((counter-1))

          #normal execution:
          else
            gpg -ea -r "${emails[$idxA]}" -r "${emails[$idxB]}" -r "${emails[$idxC]}" -r "${emails[$idxD]}" "$debug" --output $workdir/$file.step$counter $workdir/$file.step$((counter-1))

          fi
          #increase loop counter:
          ((counter++))

        fi
      done
    done
  done
done

and then adjust the variable "combinate" to 4:

combinate=4

thanks to:

  • encrypt