Skip to content
This repository has been archived by the owner on Aug 31, 2023. It is now read-only.
/ horcrux Public archive

A security question based secret sharing utility.

License

Notifications You must be signed in to change notification settings

lukasmalkmus/horcrux

Repository files navigation

lukasmalkmus/horcrux

A security question based secret sharing utility.

Go Workflow Coverage Status Go Report Go Reference Latest Release License


Table of Contents

  1. Introduction
  2. Usage
  3. Contributing
  4. License

Introduction

horcrux is a security question based secret sharing utility. The idea and package code is inspired and mostly taken from the abandoned horcrux package by Coda Hale.

horcrux splits a secret into multiple fragments and associates every fragment with a security question. The answer to that question is used to encrypt the fragment using ChaCha20Poly1305. Only a given number of fragments is needed to fully restore the original secret.

Installation

Download and install the pre-compiled binary manually

Binary releases are available on GitHub Releases.

Install using Homebrew

brew tap lukasmalkmus/tap
brew install horcrux

To update:

brew upgrade horcrux

Install using go get

go get -u github.com/lukasmalkmus/horcrux/cmd/horcrux

Install from source

git clone https://github.com/lukasmalkmus/horcrux.git
cd horcrux
make install # Build and install binary into $GOPATH

Run the Docker image

Docker images are available on the GitHub Container Registry.

docker pull ghcr.io/lukasmalkmus/horcrux
docker run ghcr.io/lukasmalkmus/horcrux

Validate installation

In all cases the installation can be validated by running horcrux -v in the terminal:

horcrux version 1.0.0

Usage

horcrux [flags] [commands]

Help on flags and commands:

horcrux --help

Performance

As of today, the implementation isn't suitable for large files. Shamir's Secret Sharing algorithm is very computation intesive and takes most of the time. Below are some benchmarks (MacBook Pro, 2,8 GHz Quad-Core i7, 16 GB):

name          time/op
Split64KB-8    364ms ± 6%
Split1MB-8     476ms ± 1%
Split128MB-8   18.4s ± 1%
Split1GB-8      160s ± 8%

name          alloc/op
Split64KB-8    135MB ± 0%
Split1MB-8     145MB ± 0%
Split128MB-8  1.48GB ± 0%
Split1GB-8    10.9GB ± 0%

name          allocs/op
Split64KB-8    65.6k ± 0%
Split1MB-8     1.05M ± 0%
Split128MB-8    134M ± 0%
Split1GB-8     1.07G ± 0%

Splitting a 1GB file takes up to 3 minutes. Also the memory consumption is a lot higher than the size of the file which is being processed. An io.Reader based implementation is needed to fix this but this requires multiple tweaks, especially to Shamir's Secret Sharing implementation.

Contributing

Feel free to submit PRs or to fill issues. Every kind of help is appreciated.

Before committing, make should run without any issues.

License

© Lukas Malkmus, 2021

Distributed under MIT License (The MIT License).

See LICENSE for more information.

License Status