Secrets can be used to split a secret text into shares to be distributed to friends. When all friends agree, the shares can be combined to retrieve the original secret text, for instance to give consensual access to a lost pin, a password, a list of passwords, a private document or a key to an encrypted volume.
Secret sharing can be useful in many different situations and this tool is a simple and well documented free and open source implementation available for anyone to use from this website, but also independently on an offline PC.
For Secrets to be useful... one needs to have a secret :) don't be silly now, everyone has secrets. Lets say a backup of your passwords or a crypto wallet or a testament... remember it has to be just text and smaller than 1024 characters.
Then you need to have 5 trusted friends or colleagues (lets say trusted peers) who can agree on the need to access your secrets in certain circumstances, for your own well being or that of your family or organisation.
Clicking on Share Secrets you can paste the secret in the text form and click submit. In the blink of an eye our software will give you long strings of numbers and letters that can be distributed to all 5 trusted peers. Its just a text string so you can decide the best medium to transmit it, its also rather easy to dictate.
Take care to explain well the reason you are sharing this secret to all your trusted peers and the condition under which they shall meet again and combine all the shares to access the secret, which will be unknown to them until that moment. You need to trust them to respect your will on this, as they could also disregard the conditions and access your secret without your will.
Among the trusted peers holding your shared secret at least 3 can decide at any time that your conditions to retreive the secret are met. Please note that just 3 out of 5 are enough, which insures the availability of the secret even in case 2 peers are unavailable for some reason.
Your trusted peers can proceed to the Combine Secrets page even without your intervention. There they will find 3 text input fiels where to type or paste their share. Up to all of you to decide how this can happen, if the shares should be communicated to one person, or if all must be present and type it in, or dictate by phone, etc.
Once the 3 shares are submitted, our software will show the original secret exactly as you typed it in. If there was a typo in any of the strings our software will return an error, so be careful to check that every single letter of the share is correct: a mistake in communication can make it impossible to retrieve your secret.
Secret is written in a stateless language, does not make use of any database nor atoms and all content passing through it is not saved, only transformed and shown on screen. This service is a functional demo allowing anyone to split up to 1Kb of secret data into 5 shares of which 3 (a number we call "quorum") are enough to recover the initial secret.
Anyone planning to use Secrets for mission critical environments is encouraged to build his/her own version: this is possible on any PC operating system supporting Java. By running Secrets autonomously is also possible to change its configuration, for instance to:
If the secret being shared is really precious one should also consider adding an additional layer of encryption, for instance by using symmetric password encryption or even using public PGP keys of all participants.
To share large files it is recommended to use filesystem encryption (for instance using our other software Tomb) with a key that is then shared: this way the encrypted files can be stored in duplicate copies in possession of every participant, but they will be accessed only when enough participants agree.
Secrets is written in Clojure and is fully cross-platform: one can run it locally on a GNU/Linux machine, as well on Apple/OSX and MS/Windows.
For instance on Devuan systems one can install all necessary dependencies using apt and the following packages:
apt-get openjdk-7-jdk libversioneer-clojure haveged.
then install Leiningen which will take care of all Clojure dependencies:
mkdir ~/bin wget https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein -O ~/bin/lein chmod +x ~/bin/lein
then from inside the Secrets source, start it with:
lein ring server
This command will open a browser pointing on the service running locally on http://localhost:3000
To start only a web server for the application, but no browser, run:
The configuration file used by Secrets is found in its own directory (the one where its started from) and called
config.json, an example holding defaults is
example-config.json. To run Secrets in production is at least necessary to change the
salt configuration item with a random generated string which has to remain constant for the installation and should not be made public. The salt of an installation is important for all those who use that particular instance, since it is a cryptographic element necessary to retrieve all secrets generated by that installation.
Other configuration items are self explanatory and can be left untouched.
Secrets is Free and Open Source research and development activity funded by the European Commission in the context of the Collective Awareness Platforms for Sustainability and Social Innovation (CAPSSI) program. Secrets uses the underlying FXC cryptographic protocol, whose use cases relate to trust management and social digital currency, explained in detail in the deliverable Implementation of digital social currency infrastructure (D5.5) produced as part of the D-CENT project (grant nr. 610349) and adopted as a component of the social wallet toolkit being developed for the PIE project (grant nr. 687922).
Industry standard addressed: Information technology – Security techniques – Secret sharing
The Secret Sharing algorithm used internally is implemented in Java by Tim Tiemens, adopted with a 4096 cipher prime number. The Integer Compression algorithm used internally is the FastPFOR128 by Daniel Lemire, see: Lemire, D. and Boytsov, L. "Decoding billions of integers per second through vectorization" (2015).
Secrets is Copyright (C) 2015-2017 by the Dyne.org Foundation
Secrets software and documentation are designed, written and maintained by Denis Roio firstname.lastname@example.org
Thanks for ideas and inspirations to Francesca Bria, Marco Sachy and Enric Durán Giralt.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.