A CLI tool for creating `n` secret shares of data and combining exactly `k` of those shares to recover the data. The process for creating shares is as follows:

- Compress the secret data using Zstandard
- Create a 32-byte secret key using OsRng
- Encrypt the compressed secret using the ChaCha20-Poly1305 algorithm, with the secret key and a nonce of zero
- Create `n` 113-byte shares of the secret key (followed by 32 bytes of zeroes to pad it up to 64 bytes) using Shamir Secret Sharing
- Each secret key share is prepended to the encrypted payload

```
cargo install --git https://github.com/theodus/secret-sharing
```

```
secret-sharing create 3 2 <data.txt
```

produces 3 secret shares of the content of `data.txt`, where 2 of the shares are required to recover the content of `data.txt`.

```
secret-sharing combine <share1.hex <share2.hex
```

recovers 2 shares into the secret data, assuming the shares were created with `k=2`.
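
The key-sharing step from the process list, as an added example (not this tool's code): textbook Shamir sharing over GF(2^8) applied to a constructed 64-byte padded key, showing that 2 of 3 shares recover it and a single share does not. The field, the `(x, bytes)` share layout and the counter used for coefficients are assumptions made for illustration; the tool's 113-byte shares use its own encoding, and a real implementation needs a CSPRNG for the coefficients.

```rust
// Added illustration: textbook Shamir sharing over GF(2^8), one polynomial per byte.
// Assumption: NOT the tool's share format (its shares are 113 bytes each).

/// Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1.
fn gf_mul(mut a: u8, mut b: u8) -> u8 {
    let mut p = 0u8;
    while b != 0 {
        if b & 1 != 0 { p ^= a; }
        let carry = a & 0x80 != 0;
        a <<= 1;
        if carry { a ^= 0x1b; }
        b >>= 1;
    }
    p
}

/// Multiplicative inverse as a^254 (valid for a != 0).
fn gf_inv(a: u8) -> u8 { (0..254).fold(1u8, |r, _| gf_mul(r, a)) }

/// Split `secret` into shares x = 1..=n; any k of them recover it.
/// `rnd` yields the random coefficients and must be a CSPRNG in real use.
fn split(secret: &[u8], n: u8, k: u8, rnd: &mut dyn FnMut() -> u8) -> Vec<(u8, Vec<u8>)> {
    let mut shares: Vec<(u8, Vec<u8>)> = (1..=n).map(|x| (x, Vec::new())).collect();
    for &s in secret {
        // f(0) = s; the other k-1 coefficients are random.
        let coeffs: Vec<u8> = std::iter::once(s).chain((1..k).map(|_| rnd())).collect();
        for (x, ys) in shares.iter_mut() {
            let y = coeffs.iter().rev().fold(0u8, |acc, &c| gf_mul(acc, *x) ^ c); // Horner
            ys.push(y);
        }
    }
    shares
}

/// Lagrange interpolation at x = 0 over exactly the shares supplied.
fn combine(shares: &[(u8, Vec<u8>)]) -> Vec<u8> {
    (0..shares[0].1.len()).map(|i| shares.iter().fold(0u8, |acc, (xj, ys)| {
        let basis = shares.iter().filter(|(xm, _)| xm != xj)
            .fold(1u8, |l, (xm, _)| gf_mul(l, gf_mul(*xm, gf_inv(*xm ^ *xj))));
        acc ^ gf_mul(ys[i], basis)
    })).collect()
}

fn main() {
    let mut key = vec![0x42u8; 32]; // constructed stand-in for the 32-byte key
    key.resize(64, 0);              // zero padding to 64 bytes, as described above
    let mut st = 1u8;               // constructed counter, NOT a secure RNG
    let mut rnd = move || { st = st.wrapping_mul(167).wrapping_add(13); st };
    let shares = split(&key, 3, 2, &mut rnd);
    println!("2 shares recover: {}", combine(&shares[..2]) == key);
    println!("1 share recovers: {}", combine(&shares[..1]) == key);
}
```

With fewer than `k` shares the interpolation still returns 64 bytes, but they are not the key, so decryption of the payload would fail the Poly1305 tag check.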