KiKaSS: k-key secret sharing
KiKaSS is a secret encryption and deconstruction application. If you have a secret (password, encryption key, etc.), KKSS can decompose it into an arbitrary number of partial-keys, of which an arbitrary-sized subset is required to reconstruct the original key.
For example: 8 people need access to a safe. However, at least 3 people must be present to unlock it--no individual can open it alone.
The core functionality depends heavily on Shamir's Secret Sharing Scheme.
For larger secrets (messages, documents, etc.), we use symmetric encryption; partial key distributed to users are decomposed AES keys.
- Cryptographic security
- Transparency
- Do as much work client-side as possible
- Never send or store anything unencrypted
- Minimize surface area, e.g. against man-in-the-middle
- Clients shouldn't be required to trust our server
- Usability
- First you'll need to install neccessary gems for the project by running:
bundle install
- Run the tests:
rake
- To run the application locally run the following from the kkss directory:
rake run
- Visit the application:
http://localhost:4567
- Obscure partial keys when entering
- Encrypt and store messages (in progress)
- Encrypt and store documents
- Diceware for keys
- P2P key entry (rather than single-station;
RTCDataChannelvia WebRTC) - When decomposing short secrets, should we pad them so the original secret length is not so clearly exposed (linear growth partial key length)?
- More flexible partial key hierarchy: e.g., decompose 8 partial keys, of which any 3 are needed to reconstruct the secret, but one of them
