This is a helper utility to generate a private key split in n
shares that can be later reassembled via k
of them to decrypt a document. Is uses an implementation of Shamir's threshold secret sharing scheme in JavaScript (with the help of secrets.js library).
The general use case looks like this:
- Alice generates a public / private key pair with a private key splitted in
n
shares and public key saved non-securely (e.g.yarn start generate-shares -k 3 -n 5
) - Alice sends
n
shares to Bobs to let them decrypt her message later. - Alice encrypts data with an encryption tool and public key saved in share generation step (e.g.
yarn start encrypt -i data-to-encrypt.txt
) and send encrypted data to Bobs. - Bobs collect at least
k
shares to decrypt the data (e.g.yarn start decrypt -i encrypted-data.txt
, follow instructions in CLI).
The only piece of data considered vulnerable in the flow is the generated private key.
It is held in the memory only while in the generating shares process and can be retrieved given k
out of n
shares are known.
Generally, stdio is considered a secure location, but you should clear the terminal as long as shares are being sent to shareholders.