diff options
Diffstat (limited to 'misc/ssss/ssss.1.html')
-rw-r--r-- | misc/ssss/ssss.1.html | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/misc/ssss/ssss.1.html b/misc/ssss/ssss.1.html new file mode 100644 index 0000000000000..cbcee6ee6fab2 --- /dev/null +++ b/misc/ssss/ssss.1.html @@ -0,0 +1,177 @@ +<body text="#000000" link="#0000ff" bgcolor="#ffffff"><center><table width="80%"> +<tr><td><h1>ssss</h1> +<h2>Split and Combine Secrets using Shamir's Secret Sharing Scheme.</h2> + + +<h2>Synopsis</h2> +<b> + ssss-split -t <em>threshold</em> -n <em>shares</em> [-w <em>token</em>] + [-s <em>level</em>] [-x] [-q] [-Q] [-D] [-v]<br> + + ssss-combine -t <em>threshold</em> [-x] [-q] [-Q] [-D] [-v]<br> + +</b> + + +<h2>Description</h2> + +<p>ssss is an implementation of Shamir's Secret Sharing Scheme. The +program suite does both: the generation of shares for a known secret, +and the reconstruction of a secret using user-provided shares.</p> + + + +<h2>Commands</h2> + + <p><b>ssss-split</b>: prompt the user for a secret and generate a set of + corresponding shares.</p> + + <p><b>ssss-combine</b>: read in a set of shares and reconstruct + the secret.</p> + + + +<h2>Options</h2> + + + +<p><b>-t <em>threshold</em></b></p> +<p>Specify the number of + shares necessary to reconstruct the secret.</p> + + + + +<p><b>-n <em>shares</em></b></p> + + <p>Specify the number of shares to be generated.</p> + + + + <p><b>-w <em>token</em></b></p> + + <p>Text token to name shares in order to avoid confusion in case one + utilizes secret sharing to protect several independent secrets. The + generated shares are prefixed by these tokens.</p> + + + + <p><b>-s <em>level</em></b></p> + + <p>Enforce the scheme's security level (in bits). This option + implies an upper bound for the length of the shared secret + (shorter secrets are padded). Only multiples of 8 in the range + from 8 to 1024 are allowed. If this option is ommitted (or the + value given is 0) the security level is chosen automatically + depending on the secret's length. The security level directly + determines the length of the shares.</p> + + + + <p><b>-x</b></p> + + <p>Hex mode: use hexadecimal digits in place of ASCII characters for + I/O. This is useful if one wants to protect binary data, like + block cipher keys.</p> + + + + <p><b>-q</b></p> + + <p>Quiet mode: disable all unnecessary output. Useful in scripts. + </p> + + + <p><b>-Q</b></p> + + <p>Extra quiet mode: like <b>-q</b>, but also suppress +warnings.</p> + + + + <p><b>-D</b></p> + + <p>Disable the diffusion layer added in version 0.2. This option + is needed when shares are combined that where generated with + ssss version 0.1.</p> + + + + <p><b>-v</b></p> + + <p>Print version information.</p> + + + + +<h2>Example</h2> + +<p> + In case you want to protect your login password with a set of ten + shares in such a way that any three of them can reconstruct the + password, you simply run the command +</p> + +<p> + ssss-split -t 3 -n 10 -w passwd +</p> + +<p> + To reconstruct the password pass three of the generated shares + (in any order) to +</p> + +<p> + ssss-combine -t 3 +</p> + + + +<h2>Notes</h2> + +<p> +To protect a secret larger than 1024 bits a hybrid technique has to be +applied: encrypt the secret with a block cipher and apply secret +sharing to just the key. Among others openssl and gpg can do the +encryption part: +</p> +<p> +openssl bf -e < file.plain > file.encrypted +</p> +<p> +gpg -c < file.plain > file.encrypted +</p> + + + + +<h2>Security</h2> + +<p> +<b>ssss</b> tries to lock its virtual address space into RAM for +privacy reasons. But this may fail for two reasons: either the current uid +doesn't permit page locking, or the RLIMIT_MEMLOCK is set too +low. After printing a warning message <b>ssss</b> will run even without +obtaining the desired mlock. +</p> + + + + +<h2>Author</h2> + + This software (v0.5) was written in 2006 by B. Poettering + (ssss AT point-at-infinity.org). Find the newest version of + ssss on the project's homepage: <a href = "http://point-at-infinity.org/ssss/">http://point-at-infinity.org/ssss/</a>. + + + +<h2>Further reading</h2> + + <a href = "http://en.wikipedia.org/wiki/Secret_sharing">http://en.wikipedia.org/wiki/Secret_sharing</a> + + + + +</td></tr></table></center> +</body> |