ssss(1) General Commands Manual ssss(1)NAME
ssss - Split and Combine Secrets using Shamir's Secret Sharing Scheme.
SYNOPSIS
ssss-split -t threshold -n shares [-w token] [-s level] [-x] [-q] [-Q] [-D] [-v]
ssss-combine -t threshold [-x] [-q] [-Q] [-D] [-v]
DESCRIPTION
ssss is an implementation of Shamir's Secret Sharing Scheme. The program suite does both: the generation of shares for a known secret, and
the reconstruction of a secret using user-provided shares.
COMMANDS
ssss-split: prompt the user for a secret and generate a set of corresponding shares.
ssss-combine: read in a set of shares and reconstruct the secret.
OPTIONS -t threshold
Specify the number of shares necessary to reconstruct the secret.
-n shares
Specify the number of shares to be generated.
-w token
Text token to name shares in order to avoid confusion in case one utilizes secret sharing to protect several independent secrets.
The generated shares are prefixed by these tokens.
-s level
Enforce the scheme's security level (in bits). This option implies an upper bound for the length of the shared secret (shorter
secrets are padded). Only multiples of 8 in the range from 8 to 1024 are allowed. If this option is ommitted (or the value given is
0) the security level is chosen automatically depending on the secret's length. The security level directly determines the length of
the shares.
-x Hex mode: use hexadecimal digits in place of ASCII characters for I/O. This is useful if one wants to protect binary data, like
block cipher keys.
-q Quiet mode: disable all unnecessary output. Useful in scripts.
-Q Extra quiet mode: like -q, but also suppress warnings.
-D Disable the diffusion layer added in version 0.2. This option is needed when shares are combined that where generated with ssss ver-
sion 0.1.
-v Print version information.
EXAMPLE
In case you want to protect your login password with a set of ten shares in such a way that any three of them can reconstruct the password,
you simply run the command
ssss-split -t 3 -n 10 -w passwd
To reconstruct the password pass three of the generated shares (in any order) to
ssss-combine -t 3
NOTES
To protect a secret larger than 1024 bits a hybrid technique has to be applied: encrypt the secret with a block cipher and apply secret
sharing to just the key. Among others openssl and gpg can do the encryption part:
openssl bf -e < file.plain > file.encrypted
gpg -c < file.plain > file.encrypted
SECURITY
ssss tries to lock its virtual address space into RAM for privacy reasons. But this may fail for two reasons: either the current uid
doesn't permit page locking, or the RLIMIT_MEMLOCK is set too low. After printing a warning message ssss will run even without obtaining
the desired mlock.
AUTHOR
This software (v0.5) was written in 2006 by B. Poettering (ssss AT point-at-infinity.org). Find the newest version of ssss on the project's
homepage: http://point-at-infinity.org/ssss/.
FURTHER READING
http://en.wikipedia.org/wiki/Secret_sharing
Manuals User ssss(1)
Check Out this Related Man Page
LIBGFSHARE(5) Shamir Secret Sharing in gf(2**8) LIBGFSHARE(5)NAME
gfshare_ctx_init_enc, etc. - Shamir Secret Sharing
SYNOPSIS
#include <libgfshare.h>
gfshare_ctx *gfshare_ctx_init_enc( unsigned char *sharenrs,
unsigned int sharecount,
unsigned char threshold,
unsigned int size );
gfshare_ctx *gfshare_ctx_init_dec( unsigned char *sharenrs,
unsigned int sharecount,
unsigned int size );
void gfshare_ctx_free( gfshare_ctx *ctx );
void gfshare_ctx_enc_setsecret( gfshare_ctx *ctx,
unsigned char *secret );
void gfshare_ctx_enc_getshare( gfshare_ctx *ctx,
unsigned char sharenr,
unsigned char *share );
void gfshare_ctx_dec_newshares( gfshare_ctx *ctx,
unsigned char *sharenrs );
void gfshare_ctx_dec_giveshare( gfshare_ctx *ctx,
unsigned char sharenr,
unsigned char *share );
void gfshare_ctx_dec_extract( gfshare_ctx *ctx,
unsigned char *secretbuf );
DESCRIPTION
The gfshare_ctx_init_enc() function returns a context object which can be used for encoding shares of a secret. The context encodes against
sharecount shares which are numbered in the array sharenrs. The secret is always size bytes long and the resultant shares will need at
least threshold of the shares present for recombination. It is critical that threshold be at least one lower than sharecount.
The gfshare_ctx_init_dec() function returns a context object which can be used to recombine shares to recover a secret. Each share and the
resulting secret will be size bytes long. The context can be used to recombine sharecount shares which are numbered in the sharenrs array.
The gfshare_ctx_free() function frees all the memory associated with a gfshare context including the memory belonging to the context
itself.
The gfshare_ctx_enc_setsecret() function provides the secret you wish to encode to the context. The secret will be copied into the internal
buffer of the library.
The gfshare_ctx_enc_getshare() function extracts a particular share from the context. The share buffer must be preallocated to the size of
the shares and the sharenr parameter is an index into the sharenrs array used to initialise the context
The gfshare_ctx_dec_newshares() function informs the decode context of a change in the share numbers available to the context. The number
of shares cannot be changed but the sharenrs can be zero to indicate that a particular share is missing currently.
The gfshare_ctx_dec_giveshare() function provides the decode context with a given share. The share number itself was previously provided in
a sharenrs array and the sharenr parameter is the index into that array of the number of the share being provided in the share memory
block.
The gfshare_ctx_dec_extract() function combines the provided shares to recalculate the secret. It is recommended that you mlock() the
secretbuf before calling this function, so that the recombined secret will never be written to swap. This may help to prevent a malicious
party discovering the content of your secret. You should also randomise the content of the buffer once you are finished using the recom-
bined secret.
ERRORS
Any function which can fail for any reason will return NULL on error.
AUTHOR
Written by Daniel Silverstone.
REPORTING BUGS
Report bugs against the libgfshare product on www.launchpad.net.
COPYRIGHT
Copyright (C) 2006 Daniel Silverstone.
This is free software. You may redistribute copies of it under the terms of the MIT licence (the COPYRIGHT file in the source distribu-
tion). There is NO WARRANTY, to the extent permitted by law.
SEE ALSO gfsplit(1), gfcombine(1), gfshare(7)1.0.5 February 2006 LIBGFSHARE(5)