NAME

       ssss  - Split and Combine Secrets using Shamir’s Secret Sharing Scheme.

SYNOPSIS

       ssss-split -t threshold -n shares [-w token] [-s level] [-x] [-q]  [-Q]
       [-D] [-v]

       ssss-combine -t threshold [-x] [-q] [-Q] [-D] [-v]

DESCRIPTION

       ssss  is  an  implementation  of  Shamir’s  Secret  Sharing Scheme. The
       program suite does both: the generation of shares for a  known  secret,
       and the reconstruction of a secret using user-provided shares.

COMMANDS

       ssss-split:  prompt  the  user  for  a  secret  and  generate  a set of
       corresponding shares.

       ssss-combine: read in a set of shares and reconstruct the secret.

OPTIONS

       -t threshold
              Specify the  number  of  shares  necessary  to  reconstruct  the
              secret.

       -n shares
              Specify the number of shares to be generated.

       -w token
              Text  token  to  name shares in order to avoid confusion in case
              one utilizes  secret  sharing  to  protect  several  independent
              secrets. The generated shares are prefixed by these tokens.

       -s level
              Enforce  the  scheme’s  security  level  (in  bits). This option
              implies an upper bound for  the  length  of  the  shared  secret
              (shorter  secrets  are padded). Only multiples of 8 in the range
               from 8 to 1024 are allowed. If this option is  omitted  (or  the
              value  given  is  0)  the security level is chosen automatically
              depending on the secret’s length. The  security  level  directly
              determines the length of the shares.

       -x     Hex  mode:  use  hexadecimal digits in place of ASCII characters
              for I/O. This is useful if one wants  to  protect  binary  data,
              like block cipher keys.

       -q     Quiet mode: disable all unnecessary output. Useful in scripts.

       -Q     Extra quiet mode: like -q, but also suppress warnings.

       -D     Disable the diffusion layer added in version 0.2. This option is
               needed when shares are combined that were generated  with  ssss
              version 0.1.

       -v     Print version information.

EXAMPLE

       In  case  you  want  to  protect  your login password with a set of ten
       shares in such a way  that  any  three  of  them  can  reconstruct  the
       password, you simply run the command

       ssss-split -t 3 -n 10 -w passwd

       To  reconstruct the password pass three of the generated shares (in any
       order) to

       ssss-combine -t 3
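
       The following Python code is an added illustration of the  scheme  the
       two  commands  above  implement,  not  part  of ssss itself: a t-of-n
       split by evaluating a random degree t-1 polynomial whose constant term
       is  the secret, and reconstruction by Lagrange interpolation at x = 0.
       It works over a prime field and uses its own share  encoding,  so  its
       shares  are  not  interchangeable  with  ssss shares; the secret is an
       integer below PRIME (e.g. a password packed with int.from_bytes).

```python
"""Shamir secret sharing (added example, not ssss code): t-of-n split and combine."""
import secrets
from itertools import combinations

# Prime field large enough for a 128-bit secret (2^127 - 1 is a Mersenne prime).
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[k]*x^k (mod PRIME) by Horner."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split(secret, t, n, rng=secrets.randbelow):
    """Return n shares (x, y) of secret such that any t of them reconstruct it.

    rng(p) must return an integer in [0, p); secrets.randbelow is the default, a
    deterministic stand-in may be passed for testing only.
    """
    if not (1 <= t <= n < PRIME) or not (0 <= secret < PRIME):
        raise ValueError("need 1 <= t <= n and 0 <= secret < PRIME")
    # Constant term is the secret; the other t-1 coefficients are uniformly random,
    # so any t-1 shares are consistent with every possible secret (perfect secrecy).
    coeffs = [secret] + [rng(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def combine(shares):
    """Recover the constant term from exactly t shares by Lagrange interpolation at 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME      # product of (0 - x_j)
                den = den * (xi - xj) % PRIME  # product of (x_i - x_j)
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def every_threshold_subset_recovers(shares, t, secret):
    """True if every choice of t shares (any order) yields the original secret."""
    return all(combine(list(subset)) == secret for subset in combinations(shares, t))
```

       Like  the  ssss-combine  run  above,  combine() must be given exactly t
       shares; fewer shares interpolate to some other field element,  as  the
       deterministic case below shows, and never to the secret by construction.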

NOTES

       To protect a secret larger than 1024 bits a hybrid technique has to  be
       applied:  encrypt  the  secret  with  a  block  cipher and apply secret
       sharing to just the key. Among  others  openssl  and  gpg  can  do  the
       encryption part:

       openssl bf -e < file.plain > file.encrypted

       gpg -c < file.plain > file.encrypted

SECURITY

       ssss  tries  to  lock  its  virtual  address space into RAM for privacy
       reasons. But this may fail for two  reasons:  either  the  current  uid
       doesn’t  permit  page  locking,  or  the RLIMIT_MEMLOCK is set too low.
       After printing a warning message ssss will run even  without  obtaining
       the desired mlock.

AUTHOR

       This  software  (v0.5)  was  written  in 2006 by B. Poettering (ssss AT
       point-at-infinity.org).  Find  the  newest  version  of  ssss  on   the
       project’s homepage: http://point-at-infinity.org/ssss/.

FURTHER READING

       http://en.wikipedia.org/wiki/Secret_sharing