A toolkit for multi-factor, multi-role encryption.
vcrypt is a toolkit for building & executing multi-factor encryption schemes. It supports a multi-role encryption workflow: an expert user crafts an encryption plan, which is distributed to a novice user for safe, reliable encryption.
$ go get github.com/vcrypt/vcrypt/cmd/vcrypt
$ vcrypt help
> usage: vcrypt <command> [<args>]
>
> The vcrypt commands are:
>    build      Build plan file from plan config
>    export     Export material data
>    import     Import material data
>    inspect    Inspect vault, plan, or material data
>    lock       Encrypt data to a vault
>    unlock     Decrypt data from a vault
plan: encodes each step (node) in a multi-factor encryption scheme. Steps are arranged into a directed acyclic graph with a single root step. Each node is either a cryptex, secret, or material. Plans may be sealed. They contain no secret information and are safe to distribute publicly.
vault: holds a plan, the ciphertext for the protected data, and intermediate (non-secret) material required for decryption. There is no unencrypted secret data in the vault artifact. The lock command creates a vault which can be decrypted with the
material: the serialized input/output of a node for a vault. Secret material data is stored in the database; non-secret data may be stored as part of the vault. Allows sharing of solutions to nodes (secret data) between users with the
cryptex: the combination of an encryption construct (like Shamir's Secret Sharing, NaCl's secretbox, or OpenPGP public key encryption) along with any required configuration (public keys, m-of-n values). A cryptex node is a single factor in a multi-factor encryption scheme.
seal: a digital signature combined with the cryptographic material needed to verify the signature (e.g. a public key).
secret: the sensitive input data required to lock and/or unlock a single cryptex.
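The plan and cryptex definitions above, as an added example in Go (not vcrypt's code or plan format): a simplified model in which a cryptex node is solved once m of its inputs are solved, evaluated from a named root, with a cycle reported as an error because a plan must be a DAG. The `Node` type, `Solved`, `SamplePlan`, the treatment of secret and material nodes as leaves, and all node names are assumptions made for illustration.

```go
package main

import "fmt"

// Node is a simplified, hypothetical model of a plan step (not vcrypt's own type).
type Node struct {
	Kind   string   // "cryptex", "secret" or "material"
	Need   int      // cryptex only: inputs that must be solved (the m in m-of-n)
	Inputs []string // cryptex only: names of the nodes it depends on
}

// Solved reports whether node name is solvable from held; onPath (the DFS path) catches cycles.
func Solved(p map[string]Node, name string, held, onPath map[string]bool) (bool, error) {
	n, ok := p[name]
	if !ok || onPath[name] {
		return false, fmt.Errorf("unknown node or cycle at %q", name)
	}
	if n.Kind != "cryptex" {
		return held[name], nil // leaf: solved only if the user holds it
	}
	onPath[name] = true
	defer delete(onPath, name)
	count := 0
	for _, in := range n.Inputs {
		ok, err := Solved(p, in, held, onPath)
		if err != nil {
			return false, err
		}
		if ok {
			count++
		}
	}
	return count >= n.Need, nil
}

// SamplePlan is constructed for this example: the passphrase AND any 2 of 3 shares.
func SamplePlan() map[string]Node {
	return map[string]Node{
		"root":       {Kind: "cryptex", Need: 2, Inputs: []string{"passphrase", "shares"}},
		"shares":     {Kind: "cryptex", Need: 2, Inputs: []string{"share-a", "share-b", "share-c"}},
		"passphrase": {Kind: "secret"},
		"share-a":    {Kind: "secret"}, "share-b": {Kind: "secret"}, "share-c": {Kind: "secret"},
	}
}

func main() {
	held := map[string]bool{"passphrase": true, "share-a": true}
	fmt.Println(Solved(SamplePlan(), "root", held, map[string]bool{})) // false <nil>
}
```

Holding the passphrase and one share is not enough; adding a second share satisfies both factors.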