Toolkit for multi-factor, multi-role encryption
Latest commit 9c9577f, Feb 1, 2016, benburkert: Merge pull request #7 from benburkert/cli-graph (cmd/vcrypt: inspect graph display)
vcrypt

A toolkit for multi-factor, multi-role encryption.

Overview

vcrypt is a toolkit for building & executing multi-factor encryption schemes. It supports a multi-role encryption workflow: an expert user crafts an encryption plan, which is distributed to a novice user for safe, reliable encryption.

Install

    $ go get github.com/vcrypt/vcrypt/cmd/vcrypt

Commands

    $ vcrypt help
    > usage: vcrypt <command> [<args>]
    >
    > The vcrypt commands are:
    >   build   Build plan file from plan config
    >   export  Export material data
    >   import  Import material data
    >   inspect Inspect vault, plan, or material data
    >   lock    Encrypt data to a vault
    >   unlock  Decrypt data from a vault

Artifacts

  • plan: encodes each step (node) in a multi-factor encryption scheme. Steps are arranged into a directed acyclic graph with a single root step. Each node is either a cryptex, secret, or material. Plans may be sealed. They contain no secret information and are safe to distribute publicly.

  • vault: holds a plan, the ciphertext for the protected data, and intermediate (non-secret) material required for decryption. There is no unencrypted secret data in the vault artifact. The lock command creates a vault which can be decrypted with the unlock command.

  • material: the serialized input/output of a node for a vault. Secret material data is stored in the database; non-secret data may be stored as part of the vault. Material allows solutions to nodes (secret data) to be shared between users with the import & export commands.
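
The plan rule above (steps form a directed acyclic graph with a single root) can be checked mechanically before a plan is handed to another user. This is an added example, not vcrypt's own code: the `Node` type, the direction of its `Inputs` edges, `ValidatePlan` and the sample plan are all hypothetical.

```go
package main

import "fmt"

// Node is a hypothetical plan step, not vcrypt's type; Kind is "cryptex", "secret" or "material".
type Node struct {
	ID, Kind string
	Inputs   []string // IDs of the steps whose output this step consumes (assumed edge direction)
}

// ValidatePlan returns the single root and an inputs-first solving order, or an error.
func ValidatePlan(nodes []Node) (string, []string, error) {
	pending, users := map[string]int{}, map[string][]string{}
	for _, n := range nodes {
		pending[n.ID] = len(n.Inputs) // inputs still unsolved for this step
		for _, in := range n.Inputs {
			users[in] = append(users[in], n.ID)
		}
	}
	var roots, order []string
	for _, n := range nodes {
		if len(users[n.ID]) == 0 { // nothing consumes it: a root candidate
			roots = append(roots, n.ID)
		}
		if len(n.Inputs) == 0 { // needs nothing: solvable immediately
			order = append(order, n.ID)
		}
	}
	if len(roots) != 1 {
		return "", nil, fmt.Errorf("plan has %d roots, want exactly 1", len(roots))
	}
	for i := 0; i < len(order); i++ { // Kahn's algorithm; order doubles as the work queue
		for _, u := range users[order[i]] {
			if pending[u]--; pending[u] == 0 {
				order = append(order, u)
			}
		}
	}
	if len(order) != len(nodes) { // leftovers sit on a cycle or wait on an undefined step
		return "", nil, fmt.Errorf("cycle or unknown input: %d steps unsolvable", len(nodes)-len(order))
	}
	return roots[0], order, nil
}

func main() { // constructed sample plan, not a real vcrypt plan
	fmt.Println(ValidatePlan([]Node{
		{"root", "cryptex", []string{"split", "password"}}, {"password", "secret", nil},
		{"split", "cryptex", []string{"share1", "share2"}}, {"share1", "secret", nil}, {"share2", "secret", nil},
	}))
}
```

A plan that fails this check has either no well-defined final step or a step that can never be solved, so rejecting it at build time keeps the failure away from the user who only runs lock and unlock.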

Reference

  • cryptex: the combination of an encryption construct (like Shamir's Secret Sharing, NaCl's secretbox, or OpenPGP public key encryption) along with any required configuration (public keys, m-of-n values). A cryptex node is a single factor in a multi-factor encryption scheme.

  • seal: a digital signature combined with the cryptographic material needed to verify the signature (e.g. a public key).

  • secret: the sensitive input data required to lock and/or unlock a single cryptex.

Examples