Project

trustworthy

0.01
No commit activity in last 3 years
No release in over 3 years
trustworthyjtdowney/trustworthyHomepageDocumentationSource CodeBug TrackerWiki
Implements a special case (k = 2) of Adi Shamir's secret sharing algorithm. This allows secret files to be encrypted on disk and require two secret holders to decrypt it.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
22,577
Stars
17
Forks
2
Watchers
3
 Releases
Current version
0.6.0
Total releases
9
First release
2012-08-17
Latest release
2018-04-24
 Issues
Open Issues
1
Closed Issues
1
Total Issues
2
Issue Closure Rate
50%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
2
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2015-10-25
Reverse Dependencies
0

 Dependencies

Development

rake
= 12.1.0
rspec
= 3.7.0
rubocop
= 0.50.0
test_construct
= 2.0.1
timecop
= 0.9.1

Runtime

aead
~> 1.8
highline
~> 1.7
hkdf
~> 0.3.0
scrypt
~> 3.0
 Project Readme

Trustworthy Build Status

Implements a special case (k = 2) of Adi Shamir's secret sharing algorithm. This allows secret files to be encrypted on disk and require two secret holders to decrypt it.

Usage

Generate a new master key

trustworthy init

This will create a new master key and ask for two users to be added who can decrypt the master key. The information about users and secrets is stored in trustworthy.yml. With all trustworthy commands you can also specify the configuration file to work with using -c or --config.

trustworthy init -c myconfig.yml

Add an additional user key to the master key

trustworthy add-key

The master key will be loaded so that a new user key can be added to the configuration.

Encrypt a file

trustworthy encrypt foo.txt

The master key will be loaded and then used to encrypt the file specified.

Decrypt a file

trustworthy decrypt foo.txt.tw

Decrypting works similar to encrypting, first the master key will be loaded and then used to decrypt the file.

Configuration format

The configuration uses ruby's YAML::Store to provide a simple transactional data store. The salt is used in combination with the user password to derive a key using scrypt. That derived key encrypts the point for Shamir's algorithm.

---
a-user:
  salt: 400$8$23$38f426136db22836
  encrypted_point: dzVzPvuzKsTJ7coFLki8tQ==--vGto+f9sQhRuPb+47rUI4oSZ7gaPGKiQtBIwB//wTcvuJOm9gyrLrjH74RKKJlkScBvYuMfnhQyn9T1bIw9obsBs4YsF8VxCsDPG26Ci82n9qOENod2pP4xVzmC4VWCnbi7Y4jS+Rgsq6xp3L2zG6Ci0GWO1bSQO8hFzaMpBiCirqMAGHf0m6Yzqu6h5NFtygcyNyxAY8YxX1oxa6Bj5UwefDKplVGTI0ZbQn9vtdwKFuwXZsv11g5+zLvvq54Z2UZ/AZu/scnhXopL5IZkiclTtX8LUi9Dob3Xpqtf6WXymudvVMG0JaxkUqqRCyWtLSFE3sNdwv+877cS8PglTIKxXIZTIh7FzdEgkLSStGnw=
another-user:
  salt: 400$8$23$df3b3153ee94da81
  encrypted_point: Shx/GRuOYz+Ts/5f5z1yDw==--1ulNtnX6Zi3z0t12TiCItE5H5dhZZONKcgt6yq1g2prJWd1q5c9ArL10BtK/9lSPoXMsyO8rURKZ3pCM4hzW043B1ksJQtyg6O71ilnSvP+4Yty8oH0SW67cGSgfkfUc0UkfcE2Osfy/YVkP/HH47qTLNTg406uJ2uWjb6OkW8sjD+mq3hp8tehyy20tEBhqyM0UOSCpvhb+EgFfYFDeG+8Gj+r4lfcdqJJvzcy5U17tpYknQm/WbnmIkvgZRFGH/NIthJdPnK43SsdPbVcSHdkw71urJ3pBmgCmyTFcdmpiSl/t1rG09f2KT63YDF+4YUSn1fuIFZXbrLez59svHbKnQ8YHvt9pCXiQHelk8Sk=

Reference