/shamir

🔑 Split and combine secrets using Shamir's Secret Sharing algorithm

Primary LanguageGoCreative Commons Zero v1.0 UniversalCC0-1.0

shamir

Split and combine secrets using Shamir's Secret Sharing algorithm

Table of Contents

Description

Featuring UNIX-style composability, this command-line tool facilitates splitting and combining secrets using HashiCorp Vault's implementation of Shamir's Secret Sharing algorithm.

Background

Formulated by Adi Shamir (the S in RSA) in his 1979 paper “How to share a secret”, Shamir's Secret Sharing is an algorithm that allows you to split a secret (e.g. a symmetric encryption key) into $n$ shares, which can be combined later to reconstruct that secret.

Diagram

Not all shares need to be present for a successful reconstruction, but actually any subset thereof with a size greater than or equal to the minimum threshold $k$, where $2 \le k \le n$. The algorithm mathematically guarantees that knowledge of $k - 1$ shares reveals absolutely no information about the original secret.

Installation

Platform Package manager Command
Linux, macOS Homebrew $ brew install incipher/tap/shamir

Usage

Interactive

$ shamir split -n 5 -k 3
Secret: ************************
b55fcb1a94ea9036976b6715557df1f7a9594aa28c0c8ddc76
c7b340426663c59cca8f279d556846374b6180a893237e3188
be5beb08533a4a3611c46e9d971127ff59b77873995df6610b
932711479caee6016bdac5fafe00ef52911a60b48762356ae6
01bd0f50b71c9fa3b3e6098ebaad87d52372cfe5b91b1762d8

$ shamir combine -k 3
Share #1: b55fcb1a94ea9036976b6715557df1f7a9594aa28c0c8ddc76
Share #2: be5beb08533a4a3611c46e9d971127ff59b77873995df6610b
Share #3: 01bd0f50b71c9fa3b3e6098ebaad87d52372cfe5b91b1762d8
SayHelloToMyLittleFriend

Non-interactive

$ echo "SayHelloToMyLittleFriend" | shamir split -n 5 -k 3 > shares.txt
Secret: ************************

$ head -n 3 shares.txt | shamir combine -k 3
SayHelloToMyLittleFriend

License

CC0