lukasmalkmus/horcrux
A security question based secret sharing utility.
Table of Contents
- Introduction
- Usage
- Contributing
- License
Introduction
horcrux is a security question based secret sharing utility. The idea and
package code is inspired and mostly taken from the abandoned horcrux
package by Coda Hale.
horcrux splits a secret into multiple fragments and associates every fragment
with a security question. The answer to that question is used to encrypt the
fragment using ChaCha20Poly1305. Only a given number of fragments is needed to
fully restore the original secret.
Installation
Download and install the pre-compiled binary manually
Binary releases are available on GitHub Releases.
brew tap lukasmalkmus/tap
brew install horcrux
To update:
brew upgrade horcrux
Install using go get
go get -u github.com/lukasmalkmus/horcrux/cmd/horcrux
Install from source
git clone https://github.com/lukasmalkmus/horcrux.git
cd horcrux
make install # Build and install binary into $GOPATH
Run the Docker image
Docker images are available on the GitHub Container Registry.
docker pull ghcr.io/lukasmalkmus/horcrux
docker run ghcr.io/lukasmalkmus/horcrux
Validate installation
In all cases the installation can be validated by running horcrux -v
in the
terminal:
horcrux version 1.0.0
Usage
horcrux [flags] [commands]
Help on flags and commands:
horcrux --help
As of today, the implementation isn't suitable for large files. Shamir's Secret
Sharing algorithm is very computation intesive and takes most of the time.
Below are some benchmarks (MacBook Pro, 2,8 GHz Quad-Core i7, 16 GB):
name time/op
Split64KB-8 364ms ± 6%
Split1MB-8 476ms ± 1%
Split128MB-8 18.4s ± 1%
Split1GB-8 160s ± 8%
name alloc/op
Split64KB-8 135MB ± 0%
Split1MB-8 145MB ± 0%
Split128MB-8 1.48GB ± 0%
Split1GB-8 10.9GB ± 0%
name allocs/op
Split64KB-8 65.6k ± 0%
Split1MB-8 1.05M ± 0%
Split128MB-8 134M ± 0%
Split1GB-8 1.07G ± 0%
Splitting a 1GB file takes up to 3 minutes. Also the memory consumption is a lot
higher than the size of the file which is being processed. An io.Reader
based implementation is needed to fix this but this requires multiple tweaks,
especially to Shamir's Secret Sharing implementation.
Contributing
Feel free to submit PRs or to fill issues. Every kind of help is appreciated.
Before committing, make
should run without any issues.
License
© Lukas Malkmus, 2021
Distributed under MIT License (The MIT License
).
See LICENSE for more information.