diff options
Diffstat (limited to 'misc')
-rw-r--r-- | misc/ssss/README | 6 | ||||
-rw-r--r-- | misc/ssss/slack-desc | 19 | ||||
-rw-r--r-- | misc/ssss/ssss.1 | 62 | ||||
-rw-r--r-- | misc/ssss/ssss.1.html | 177 | ||||
-rw-r--r-- | misc/ssss/ssss.SlackBuild | 99 | ||||
-rw-r--r-- | misc/ssss/ssss.info | 10 |
6 files changed, 373 insertions, 0 deletions
diff --git a/misc/ssss/README b/misc/ssss/README new file mode 100644 index 0000000000..64addb9224 --- /dev/null +++ b/misc/ssss/README @@ -0,0 +1,6 @@ +ssss (Shamir's Secret Sharing Scheme) + +ssss is a method for distributing a secret amongst a group of +participants, each of which is allocated a share of the secret. +The secret can only be reconstructed when the shares are combined +together; individual shares are of no use on their own. diff --git a/misc/ssss/slack-desc b/misc/ssss/slack-desc new file mode 100644 index 0000000000..73aa892001 --- /dev/null +++ b/misc/ssss/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |----------handy-ruler-------------------------------------------------| +ssss: ssss (Shamir's Secret Sharing Scheme) +ssss: +ssss: ssss is a method for distributing a secret amongst a group of +ssss: participants, each of which is allocated a share of the secret. +ssss: The secret can only be reconstructed when the shares are combined +ssss: together; individual shares are of no use on their own. +ssss: +ssss: Homepage: http://point-at-infinity.org/ssss/ +ssss: +ssss: +ssss: diff --git a/misc/ssss/ssss.1 b/misc/ssss/ssss.1 new file mode 100644 index 0000000000..a429c634e9 --- /dev/null +++ b/misc/ssss/ssss.1 @@ -0,0 +1,62 @@ +.TH ssss 1 User Manuals +.SH NAME +ssss \- Split and Combine Secrets using Shamir's Secret Sharing Scheme. +.SH SYNOPSIS +\fBssss-split -t \fIthreshold\fB -n \fIshares\fB [-w \fItoken\fB] [-s \fIlevel\fB] [-x] [-q] [-Q] [-D] [-v] + +ssss-combine -t \fIthreshold\fB [-x] [-q] [-Q] [-D] [-v] +\f1 +.SH DESCRIPTION +ssss is an implementation of Shamir's Secret Sharing Scheme. The program suite does both: the generation of shares for a known secret, and the reconstruction of a secret using user-provided shares. +.SH COMMANDS +\fBssss-split\f1: prompt the user for a secret and generate a set of corresponding shares. + +\fBssss-combine\f1: read in a set of shares and reconstruct the secret. +.SH OPTIONS +.TP +\fB-t \fIthreshold\fB\f1 +Specify the number of shares necessary to reconstruct the secret. +.TP +\fB-n \fIshares\fB\f1 +Specify the number of shares to be generated. +.TP +\fB-w \fItoken\fB\f1 +Text token to name shares in order to avoid confusion in case one utilizes secret sharing to protect several independent secrets. The generated shares are prefixed by these tokens. +.TP +\fB-s \fIlevel\fB\f1 +Enforce the scheme's security level (in bits). This option implies an upper bound for the length of the shared secret (shorter secrets are padded). Only multiples of 8 in the range from 8 to 1024 are allowed. If this option is ommitted (or the value given is 0) the security level is chosen automatically depending on the secret's length. The security level directly determines the length of the shares. +.TP +\fB-x\f1 +Hex mode: use hexadecimal digits in place of ASCII characters for I/O. This is useful if one wants to protect binary data, like block cipher keys. +.TP +\fB-q\f1 +Quiet mode: disable all unnecessary output. Useful in scripts. +.TP +\fB-Q\f1 +Extra quiet mode: like \fB-q\f1, but also suppress warnings. +.TP +\fB-D\f1 +Disable the diffusion layer added in version 0.2. This option is needed when shares are combined that where generated with ssss version 0.1. +.TP +\fB-v\f1 +Print version information. +.SH EXAMPLE +In case you want to protect your login password with a set of ten shares in such a way that any three of them can reconstruct the password, you simply run the command + +ssss-split -t 3 -n 10 -w passwd + +To reconstruct the password pass three of the generated shares (in any order) to + +ssss-combine -t 3 +.SH NOTES +To protect a secret larger than 1024 bits a hybrid technique has to be applied: encrypt the secret with a block cipher and apply secret sharing to just the key. Among others openssl and gpg can do the encryption part: + +openssl bf -e < file.plain > file.encrypted + +gpg -c < file.plain > file.encrypted +.SH SECURITY +\fBssss\f1 tries to lock its virtual address space into RAM for privacy reasons. But this may fail for two reasons: either the current uid doesn't permit page locking, or the RLIMIT_MEMLOCK is set too low. After printing a warning message \fBssss\f1 will run even without obtaining the desired mlock. +.SH AUTHOR +This software (v0.5) was written in 2006 by B. Poettering (ssss AT point-at-infinity.org). Find the newest version of ssss on the project's homepage: \fBhttp://point-at-infinity.org/ssss/\f1. +.SH FURTHER READING +\fBhttp://en.wikipedia.org/wiki/Secret_sharing\f1 diff --git a/misc/ssss/ssss.1.html b/misc/ssss/ssss.1.html new file mode 100644 index 0000000000..cbcee6ee6f --- /dev/null +++ b/misc/ssss/ssss.1.html @@ -0,0 +1,177 @@ +<body text="#000000" link="#0000ff" bgcolor="#ffffff"><center><table width="80%"> +<tr><td><h1>ssss</h1> +<h2>Split and Combine Secrets using Shamir's Secret Sharing Scheme.</h2> + + +<h2>Synopsis</h2> +<b> + ssss-split -t <em>threshold</em> -n <em>shares</em> [-w <em>token</em>] + [-s <em>level</em>] [-x] [-q] [-Q] [-D] [-v]<br> + + ssss-combine -t <em>threshold</em> [-x] [-q] [-Q] [-D] [-v]<br> + +</b> + + +<h2>Description</h2> + +<p>ssss is an implementation of Shamir's Secret Sharing Scheme. The +program suite does both: the generation of shares for a known secret, +and the reconstruction of a secret using user-provided shares.</p> + + + +<h2>Commands</h2> + + <p><b>ssss-split</b>: prompt the user for a secret and generate a set of + corresponding shares.</p> + + <p><b>ssss-combine</b>: read in a set of shares and reconstruct + the secret.</p> + + + +<h2>Options</h2> + + + +<p><b>-t <em>threshold</em></b></p> +<p>Specify the number of + shares necessary to reconstruct the secret.</p> + + + + +<p><b>-n <em>shares</em></b></p> + + <p>Specify the number of shares to be generated.</p> + + + + <p><b>-w <em>token</em></b></p> + + <p>Text token to name shares in order to avoid confusion in case one + utilizes secret sharing to protect several independent secrets. The + generated shares are prefixed by these tokens.</p> + + + + <p><b>-s <em>level</em></b></p> + + <p>Enforce the scheme's security level (in bits). This option + implies an upper bound for the length of the shared secret + (shorter secrets are padded). Only multiples of 8 in the range + from 8 to 1024 are allowed. If this option is ommitted (or the + value given is 0) the security level is chosen automatically + depending on the secret's length. The security level directly + determines the length of the shares.</p> + + + + <p><b>-x</b></p> + + <p>Hex mode: use hexadecimal digits in place of ASCII characters for + I/O. This is useful if one wants to protect binary data, like + block cipher keys.</p> + + + + <p><b>-q</b></p> + + <p>Quiet mode: disable all unnecessary output. Useful in scripts. + </p> + + + <p><b>-Q</b></p> + + <p>Extra quiet mode: like <b>-q</b>, but also suppress +warnings.</p> + + + + <p><b>-D</b></p> + + <p>Disable the diffusion layer added in version 0.2. This option + is needed when shares are combined that where generated with + ssss version 0.1.</p> + + + + <p><b>-v</b></p> + + <p>Print version information.</p> + + + + +<h2>Example</h2> + +<p> + In case you want to protect your login password with a set of ten + shares in such a way that any three of them can reconstruct the + password, you simply run the command +</p> + +<p> + ssss-split -t 3 -n 10 -w passwd +</p> + +<p> + To reconstruct the password pass three of the generated shares + (in any order) to +</p> + +<p> + ssss-combine -t 3 +</p> + + + +<h2>Notes</h2> + +<p> +To protect a secret larger than 1024 bits a hybrid technique has to be +applied: encrypt the secret with a block cipher and apply secret +sharing to just the key. Among others openssl and gpg can do the +encryption part: +</p> +<p> +openssl bf -e < file.plain > file.encrypted +</p> +<p> +gpg -c < file.plain > file.encrypted +</p> + + + + +<h2>Security</h2> + +<p> +<b>ssss</b> tries to lock its virtual address space into RAM for +privacy reasons. But this may fail for two reasons: either the current uid +doesn't permit page locking, or the RLIMIT_MEMLOCK is set too +low. After printing a warning message <b>ssss</b> will run even without +obtaining the desired mlock. +</p> + + + + +<h2>Author</h2> + + This software (v0.5) was written in 2006 by B. Poettering + (ssss AT point-at-infinity.org). Find the newest version of + ssss on the project's homepage: <a href = "http://point-at-infinity.org/ssss/">http://point-at-infinity.org/ssss/</a>. + + + +<h2>Further reading</h2> + + <a href = "http://en.wikipedia.org/wiki/Secret_sharing">http://en.wikipedia.org/wiki/Secret_sharing</a> + + + + +</td></tr></table></center> +</body> diff --git a/misc/ssss/ssss.SlackBuild b/misc/ssss/ssss.SlackBuild new file mode 100644 index 0000000000..1460be2c29 --- /dev/null +++ b/misc/ssss/ssss.SlackBuild @@ -0,0 +1,99 @@ +#!/bin/sh + +# Slackware build script for ssss + +# Copyright (c) 2011 Markus Reichelt, Aachen, DE +# All rights reserved. +# +# Permission to use, copy, modify, and distribute this software for +# any purpose with or without fee is hereby granted, provided that +# the above copyright notice and this permission notice appear in all +# copies. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# markus reichelt, slackbuilds@mareichelt.de, 0xCCEEF115 +# 2011 Apr 07 - initial release + +PRGNAM=ssss +VERSION=${VERSION:-0.5} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +mkdir -p $PKG/usr/bin $PKG/usr/man/man1 $PKG/usr/doc/$PRGNAM-$VERSION + +sed -i "s/-O2/${SLKCFLAGS}/" Makefile + +make ssss-split +make ssss-combine + +cp -a ssss-split ssss-combine $PKG/usr/bin +cp -a $CWD/ssss.1 $PKG/usr/man/man1/ + + +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +gzip -9 $PKG/usr/man/man1/ssss.1 + +cp -a HISTORY LICENSE doc.html $CWD/ssss.1.html $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/misc/ssss/ssss.info b/misc/ssss/ssss.info new file mode 100644 index 0000000000..593bf47806 --- /dev/null +++ b/misc/ssss/ssss.info @@ -0,0 +1,10 @@ +PRGNAM="ssss" +VERSION="0.5" +HOMEPAGE="http://point-at-infinity.org/ssss/" +DOWNLOAD="http://point-at-infinity.org/ssss/ssss-0.5.tar.gz" +MD5SUM="24227252aa195a146d09de1df10357a1" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +MAINTAINER="markus reichelt" +EMAIL="slackbuilds@mareichelt.de" +APPROVED="Niels Horn" |