README
¶
lukasmalkmus/horcrux
A security question based secret sharing utility.
Table of Contents
Introduction
horcrux is a security question based secret sharing utility. The idea and package code is inspired and mostly taken from the abandoned horcrux package by Coda Hale.
horcrux splits a secret into multiple fragments and associates every fragment with a security question. The answer to that question is used to encrypt the fragment using ChaCha20Poly1305. Only a given number of fragments is needed to fully restore the original secret.
Installation
Download and install the pre-compiled binary manually
Binary releases are available on GitHub Releases.
Install using Homebrew
brew tap lukasmalkmus/tap
brew install horcrux
To update:
brew upgrade horcrux
Install using go get
go get -u github.com/lukasmalkmus/horcrux/cmd/horcrux
Install from source
git clone https://github.com/lukasmalkmus/horcrux.git
cd horcrux
make install # Build and install binary into $GOPATH
Run the Docker image
Docker images are available on the GitHub Container Registry.
docker pull ghcr.io/lukasmalkmus/horcrux
docker run ghcr.io/lukasmalkmus/horcrux
Validate installation
In all cases the installation can be validated by running horcrux -v in the
terminal:
horcrux version 1.0.0
Usage
horcrux [flags] [commands]
Help on flags and commands:
horcrux --help
Performance
As of today, the implementation isn't suitable for large files. Shamir's Secret Sharing algorithm is very computation intesive and takes most of the time. Below are some benchmarks (MacBook Pro, 2,8 GHz Quad-Core i7, 16 GB):
name time/op
Split64KB-8 364ms ± 6%
Split1MB-8 476ms ± 1%
Split128MB-8 18.4s ± 1%
Split1GB-8 160s ± 8%
name alloc/op
Split64KB-8 135MB ± 0%
Split1MB-8 145MB ± 0%
Split128MB-8 1.48GB ± 0%
Split1GB-8 10.9GB ± 0%
name allocs/op
Split64KB-8 65.6k ± 0%
Split1MB-8 1.05M ± 0%
Split128MB-8 134M ± 0%
Split1GB-8 1.07G ± 0%
Splitting a 1GB file takes up to 3 minutes. Also the memory consumption is a lot
higher than the size of the file which is being processed. An io.Reader
based implementation is needed to fix this but this requires multiple tweaks,
especially to Shamir's Secret Sharing implementation.
Contributing
Feel free to submit PRs or to fill issues. Every kind of help is appreciated.
Before committing, make should run without any issues.
License
© Lukas Malkmus, 2021
Distributed under MIT License (The MIT License).
See LICENSE for more information.
Documentation
¶
Overview ¶
Package horcrux is a security question based secret sharing utility.
A secret is split into multiple fragments and every fragment is associated with a security question. A key derived from the answer to that question is used to encrypt the fragment using ChaCha20Poly1305. Only a given number of fragments is needed to fully restore the original secret.
This package has not been audited by cryptography or security professionals.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
Package horcrux provides security question style secret recovery while preserving end-to-end cryptographic security.
|
Package horcrux provides security question style secret recovery while preserving end-to-end cryptographic security. |
|
Package shamir implements Shamir's Secret Sharing algorithmn.
|
Package shamir implements Shamir's Secret Sharing algorithmn. |