CLI for Shamir's Secret Sharing and AES key generation, encryption, and decryption.

Overview

Shush 🤫

This simple program will help you run Shamir's Secret Sharing algorithm on any file using the split and merge commands. It also contains tools to easily generate an AES key and encrypt and decrypt files using said key.

There is a bitcoin bounty ready to be claimed if you can bypass this scheme.

If you are backing up a bitcoin wallet, you might be better off doing something with multisig. This article summarizes some of the drawbacks of Shamir, but I think in some cases it's still a good solution!

This is not security-hardened code. Use at your own risk.

Usage

Screen recording of shush usage

Encrypt and Decrypt Files

# Generate a new AES Key
shush generate my.key

# Encrypt a secret file or archive with your AES Key
shush encrypt -key=my.key secrets.tar 

# Decrypt a payload using an AES key
shush decrypt -key=my.key secrets.tar.shush 

Split and Merge with Shamir's Secret Sharing Algorithm

# Split a file into 5 shards, requiring a threshold of at least 3 shards for recovery
shush split -t=3 -s=5 my.key

# Merge shards back into the original file
shush merge my.key.shard0 my.key.shard2 my.key.shard4

# On unix you can also use a wildcard, if the names are preserved.
shush merge my.key.shard*

Build & Install

# On a unix-based system with go installed...
go build -o shush main.go
# install on your system
mv shush /usr/local/bin

FAQ

Why is this useful?

If you've distributed the shards of an AES key to your team (read: family, friends, coworkers), they will be able to recover any encrypted data in case you lose it, become incapacitated, or worse.

Can't I just split a key into chunks, and distribute the chunks?

With Shamir's algorithm, you can specify a threshold for recovery that is lower than the total number of shards. This approach protects you against some members of your team losing their shards.

How do I safely generate and distribute shards & encrypted payloads?

Run this program in Tails with no internet connection. Be extremely careful about how you store your key! Distribute shards to your team on physical media (like flash drives). You may also want to notify your team members who else is on their team, but ideally that information will live in their heads, not in their emails.

What should I include when distributing shards?

You may want to consider including any of the following things when distributing shards:

  • instructions on how to merge shards and decrypt files
  • information about the location of other potential payloads
  • a copy of the encrypted payload(s)
  • a copy of shush
  • a copy of the shush source code

How do I safely merge shards and decrypt payloads?

Since the payload likely has sensitive contents, you should take similar precautions (tails, offline, etc.) when re-assembling keys and decrypting payloads.

Can I encrypt additional or updated secrets?

If you hold onto your original AES key, you can create new encrypted payloads whenever you want, and redistribute or upload just the payload without having to generate new keys or distribute new shards.

What stops the people on my team from coordinating to steal my secrets against my will?

Nothing. Choose your team wisely.

Issues
  • wildcard does not work under win10

    wildcard does not work under win10

    under windows 10:

    R:>shush.exe merge my.key.* Error: You must supply at least 2 shards to attempt to combine them into a secret

    opened by d3vil7 1
  • Bitcoin Bounty 💰

    Bitcoin Bounty 💰

    I've used shush to...

    1. generate a key
    2. encrypt a tarball containing a bitcoin private key among other things
    3. split a 3 of 5 shamir of the key

    bounty_files.zip contains 2 of the shards and the encrypted payload containing a private key for this address.

    If you successfully break the AES or the shamir shares, then you can transfer ~$200 of BTC to your own wallet.


    If you submit an issue explaining how you did it, or better yet how to fix it, I'll double the reward.

    opened by shushcli 2
Releases(v0.1.0)
CLI - A package for building command line app with go

Command line interface Screenshot Key features Lightweight and easy to use. Defines flag by tag, e.g. flag name(short or/and long), description, defau

王仕晋 587 Jul 18, 2021
Secure, private and feature-rich CLI password manager

Kure Kure is a free and open-source password manager for the command-line. This project aims to offer the most secure and private way of operating wit

Gastón Palomeque 106 Jul 19, 2021
A versatile library for building CLI applications in Go

mow.cli Package cli provides a framework to build command line applications in Go with most of the burden of arguments parsing and validation placed o

Jawher Moussa 741 Jul 18, 2021
Soren L. Hansen 1.2k Jul 19, 2021
Teller - the open-source universal secret manager for developers

A secrets management tool for developers built in Go - never leave your command line for secrets.

null 429 Jul 25, 2021
Share your terminal as a web application

GoTTY - Share your terminal as a web application GoTTY is a simple command line tool that turns your CLI tools into web applications. Installation Dow

Iwasaki Yudai 15.6k Jul 25, 2021
Fully featured Go (golang) command line option parser with built-in auto-completion support.

go-getoptions Go option parser inspired on the flexibility of Perl’s GetOpt::Long. Table of Contents Quick overview Examples Simple script Program wit

David Gamba 36 Jul 6, 2021
Make Highly Customized Boxes for your CLI

Box CLI Maker ?? Box CLI Maker is a Highly Customized Terminal Box Creator. Features Make Terminal Box in 8️⃣ inbuilt different styles 16 Inbuilt Colo

Swastik Baranwal 138 Jul 18, 2021
A command-line tool for Stripe

Stripe CLI The Stripe CLI helps you build, test, and manage your Stripe integration right from the terminal. With the CLI, you can: Securely test webh

Stripe 1.1k Jul 26, 2021
Kong is a command-line parser for Go

Kong is a command-line parser for Go Introduction Help Help as a user of a Kong application Defining help in Kong Command handling Switch on the comma

Alec Thomas 589 Jul 24, 2021
Another Go shellcode loader designed to work with Cobalt Strike raw binary payload.

Bankai Another Go shellcode loader designed to work with Cobalt Strike raw binary payload. I created this project to mainly educate myself learning Go

bigb0ss 33 Jul 19, 2021
Another CLI framework for Go. It works on my machine.

Command line interface framework Go framework for rapid command line application development

Ulrich Kautz 108 May 24, 2021
Sloc, Cloc and Code: scc is a very fast accurate code counter with complexity calculations and COCOMO estimates written in pure Go

Sloc Cloc and Code (scc) A tool similar to cloc, sloccount and tokei. For counting physical the lines of code, blank lines, comment lines, and physica

Ben Boyter 2.6k Jul 20, 2021
GitHub’s official command line tool

GitHub CLI gh is GitHub on the command line. It brings pull requests, issues, and other GitHub concepts to the terminal next to where you are already

GitHub CLI 24.1k Jul 21, 2021