aboutsummaryrefslogtreecommitdiff
path: root/misc/ssss/ssss.1.html
diff options
context:
space:
mode:
Diffstat (limited to 'misc/ssss/ssss.1.html')
-rw-r--r--misc/ssss/ssss.1.html177
1 files changed, 177 insertions, 0 deletions
diff --git a/misc/ssss/ssss.1.html b/misc/ssss/ssss.1.html
new file mode 100644
index 0000000000000..cbcee6ee6fab2
--- /dev/null
+++ b/misc/ssss/ssss.1.html
@@ -0,0 +1,177 @@
+<body text="#000000" link="#0000ff" bgcolor="#ffffff"><center><table width="80%">
+<tr><td><h1>ssss</h1>
+<h2>Split and Combine Secrets using Shamir's Secret Sharing Scheme.</h2>
+
+
+<h2>Synopsis</h2>
+<b>
+ ssss-split -t <em>threshold</em> -n <em>shares</em> [-w <em>token</em>]
+ [-s <em>level</em>] [-x] [-q] [-Q] [-D] [-v]<br>
+
+ ssss-combine -t <em>threshold</em> [-x] [-q] [-Q] [-D] [-v]<br>
+
+</b>
+
+
+<h2>Description</h2>
+
+<p>ssss is an implementation of Shamir's Secret Sharing Scheme. The
+program suite does both: the generation of shares for a known secret,
+and the reconstruction of a secret using user-provided shares.</p>
+
+
+
+<h2>Commands</h2>
+
+ <p><b>ssss-split</b>: prompt the user for a secret and generate a set of
+ corresponding shares.</p>
+
+ <p><b>ssss-combine</b>: read in a set of shares and reconstruct
+ the secret.</p>
+
+
+
+<h2>Options</h2>
+
+
+
+<p><b>-t <em>threshold</em></b></p>
+<p>Specify the number of
+ shares necessary to reconstruct the secret.</p>
+
+
+
+
+<p><b>-n <em>shares</em></b></p>
+
+ <p>Specify the number of shares to be generated.</p>
+
+
+
+ <p><b>-w <em>token</em></b></p>
+
+ <p>Text token to name shares in order to avoid confusion in case one
+ utilizes secret sharing to protect several independent secrets. The
+ generated shares are prefixed by these tokens.</p>
+
+
+
+ <p><b>-s <em>level</em></b></p>
+
+ <p>Enforce the scheme's security level (in bits). This option
+ implies an upper bound for the length of the shared secret
+ (shorter secrets are padded). Only multiples of 8 in the range
+ from 8 to 1024 are allowed. If this option is ommitted (or the
+ value given is 0) the security level is chosen automatically
+ depending on the secret's length. The security level directly
+ determines the length of the shares.</p>
+
+
+
+ <p><b>-x</b></p>
+
+ <p>Hex mode: use hexadecimal digits in place of ASCII characters for
+ I/O. This is useful if one wants to protect binary data, like
+ block cipher keys.</p>
+
+
+
+ <p><b>-q</b></p>
+
+ <p>Quiet mode: disable all unnecessary output. Useful in scripts.
+ </p>
+
+
+ <p><b>-Q</b></p>
+
+ <p>Extra quiet mode: like <b>-q</b>, but also suppress
+warnings.</p>
+
+
+
+ <p><b>-D</b></p>
+
+ <p>Disable the diffusion layer added in version 0.2. This option
+ is needed when shares are combined that where generated with
+ ssss version 0.1.</p>
+
+
+
+ <p><b>-v</b></p>
+
+ <p>Print version information.</p>
+
+
+
+
+<h2>Example</h2>
+
+<p>
+ In case you want to protect your login password with a set of ten
+ shares in such a way that any three of them can reconstruct the
+ password, you simply run the command
+</p>
+
+<p>
+ ssss-split -t 3 -n 10 -w passwd
+</p>
+
+<p>
+ To reconstruct the password pass three of the generated shares
+ (in any order) to
+</p>
+
+<p>
+ ssss-combine -t 3
+</p>
+
+
+
+<h2>Notes</h2>
+
+<p>
+To protect a secret larger than 1024 bits a hybrid technique has to be
+applied: encrypt the secret with a block cipher and apply secret
+sharing to just the key. Among others openssl and gpg can do the
+encryption part:
+</p>
+<p>
+openssl bf -e &lt; file.plain &gt; file.encrypted
+</p>
+<p>
+gpg -c &lt; file.plain &gt; file.encrypted
+</p>
+
+
+
+
+<h2>Security</h2>
+
+<p>
+<b>ssss</b> tries to lock its virtual address space into RAM for
+privacy reasons. But this may fail for two reasons: either the current uid
+doesn't permit page locking, or the RLIMIT_MEMLOCK is set too
+low. After printing a warning message <b>ssss</b> will run even without
+obtaining the desired mlock.
+</p>
+
+
+
+
+<h2>Author</h2>
+
+ This software (v0.5) was written in 2006 by B. Poettering
+ (ssss AT point-at-infinity.org). Find the newest version of
+ ssss on the project's homepage: <a href = "http://point-at-infinity.org/ssss/">http://point-at-infinity.org/ssss/</a>.
+
+
+
+<h2>Further reading</h2>
+
+ <a href = "http://en.wikipedia.org/wiki/Secret_sharing">http://en.wikipedia.org/wiki/Secret_sharing</a>
+
+
+
+
+</td></tr></table></center>
+</body>