ssss(1)                     General Commands Manual                    ssss(1)

NAME

       ssss - Split and Combine Secrets using Shamir's Secret Sharing Scheme.

SYNOPSIS

       ssss-split -t threshold -n shares [-w token] [-s level] [-x] [-q] [-Q]
       [-D] [-v]

       ssss-combine -t threshold [-x] [-q] [-Q] [-D] [-v]

DESCRIPTION

       ssss is an implementation of Shamir's Secret Sharing Scheme. The program
       suite does both: the generation of shares for a known secret, and the
       reconstruction of a secret using user-provided shares.

COMMANDS

       ssss-split: prompt the user for a secret and generate a set of
       corresponding shares.

       ssss-combine: read in a set of shares and reconstruct the secret.

OPTIONS

       -t threshold
              Specify the number of shares necessary to reconstruct the
              secret.

       -n shares
              Specify the number of shares to be generated.

       -w token
              Text token to name shares in order to avoid confusion in case
              one utilizes secret sharing to protect several independent
              secrets. The generated shares are prefixed by these tokens.

       -s level
              Enforce the scheme's security level (in bits). This option
              implies an upper bound for the length of the shared secret
              (shorter secrets are padded). Only multiples of 8 in the range
              from 8 to 1024 are allowed. If this option is omitted (or the
              value given is 0), the security level is chosen automatically
              depending on the secret's length. The security level directly
              determines the length of the shares.

       -x     Hex mode: use hexadecimal digits in place of ASCII characters
              for I/O. This is useful if one wants to protect binary data,
              like block cipher keys.

       -q     Quiet mode: disable all unnecessary output. Useful in scripts.

       -Q     Extra quiet mode: like -q, but also suppress warnings.

       -D     Disable the diffusion layer added in version 0.2. This option is
              needed when combining shares that were generated with ssss
              version 0.1.

       -v     Print version information.

EXAMPLE

       In case you want to protect your login password with a set of ten
       shares in such a way that any three of them can reconstruct the
       password, you simply run the command

       ssss-split -t 3 -n 10 -w passwd

       To reconstruct the password, pass three of the generated shares (in
       any order) to

       ssss-combine -t 3
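
       The threshold behaviour of the 3-of-10 example above, shown as an
       added sketch that is not part of ssss or of the original manual. It
       assumes a prime field (P = 2**521 - 1) and hypothetical function
       names split/combine; it does not reproduce ssss's own arithmetic,
       diffusion layer or share encoding, so its shares cannot be fed to
       ssss-combine.

```python
import secrets

# Assumption of this sketch: all arithmetic is done modulo the Mersenne
# prime P. Secrets must be smaller than P (at most 65 bytes).
P = 2**521 - 1

def split(secret: bytes, threshold: int, shares: int):
    """Return `shares` points (x, y) on a random polynomial of degree threshold-1."""
    s = int.from_bytes(secret, "big")
    if not 2 <= threshold <= shares:
        raise ValueError("need 2 <= threshold <= shares")
    if s >= P:
        raise ValueError("secret too long for this field")
    # coeffs[0] is the secret; the others are uniformly random field elements,
    # which is what makes fewer than `threshold` shares carry no information.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    points = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of the polynomial
            y = (y * x + c) % P
        points.append((x, y))
    return points

def combine(points):
    """Lagrange-interpolate the supplied points at x = 0 to recover the secret."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("the same share was supplied twice")
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    # Leading NUL bytes of a secret are not preserved by this sketch.
    return total.to_bytes(66, "big").lstrip(b"\0")

if __name__ == "__main__":
    shares = split(b"my login password", 3, 10)        # like -t 3 -n 10
    print(combine([shares[7], shares[1], shares[4]]))  # any three, any order
    print(combine(shares[:2]))                         # two shares: garbage
```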

NOTES

       To protect a secret larger than 1024 bits, a hybrid technique has to be
       applied: encrypt the secret with a block cipher and apply secret
       sharing to just the key. Among others, openssl and gpg can do the
       encryption part:

       openssl bf -e < file.plain > file.encrypted

       gpg -c < file.plain > file.encrypted

SECURITY

       ssss tries to lock its virtual address space into RAM for privacy
       reasons. But this may fail for two reasons: either the current uid
       doesn't permit page locking, or the RLIMIT_MEMLOCK is set too low.
       After printing a warning message ssss will run even without obtaining
       the desired mlock.

AUTHOR

       This software (v0.5) was written in 2006 by B. Poettering (ssss AT
       point-at-infinity.org). Find the newest version of ssss on the
       project's homepage: http://point-at-infinity.org/ssss/.

FURTHER READING

       http://en.wikipedia.org/wiki/Secret_sharing