Skip to content

vcrypt/vcrypt

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 1 tag
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
cli
 
 
cmd/vcrypt
 
 
config
 
 
cryptex
 
 
examples
 
 
graph
 
 
internal/test
 
 
material
 
 
payload
 
 
seal
 
 
secret
 
 
.travis.yml
 
 
LICENSE
 
 
README.md
 
 
armor.go
 
 
armor_test.go
 
 
builder.go
 
 
graph.go
 
 
graph_test.go
 
 
marker.pb.go
 
 
marker.proto
 
 
node.go
 
 
node.pb.go
 
 
node.proto
 
 
node_test.go
 
 
plan.go
 
 
plan.pb.go
 
 
plan.proto
 
 
plan_test.go
 
 
vault.go
 
 
vault.pb.go
 
 
vault.proto
 
 
vault_test.go
 
 
vcrypt.go
 
 
vcrypt.pb.go
 
 
vcrypt.proto
 
 
vcrypt Overview Install Commands Artifacts Reference Examples

README.md

vcrypt GoDoc Build Status

A toolkit for multi-factor, multi-role encryption.

Overview

vcrypt is a toolkit for building & executing multi-factor encryption schemes. It supports a mulit-role encryption workflow: an expert user crafts an encryption plan distributed to a novice user for safe, reliable encryption.

Install

    $ go get github.com/vcrypt/vcrypt/cmd/vcrypt

Commands

    $ vcrypt help
    > usage: vcrypt <command> [<args>]
    >
    > The vcrypt commands are:
    >   build   Build plan file from plan config
    >   export  Export material data
    >   import  Import material data
    >   inspect Inspect vault, plan, or material data
    >   lock    Encrypt data to a vault
    >   unlock  Decrypt data from a vault

Artifacts

  • plan: encodes each step (node) in a multi-factor encryption scheme. Steps are arranged into a directed acyclic graph with a single root step. Each node is either a cryptex, secret, or material. Plans may be sealed. They contain no secret information and are safe to distribute publicly.

  • vault: holds a plan, the ciphertext for the protected data, and intermediate (non-secret) material required for decryption. There is no unencrypted secret data in the vault artifact. The lock command creates a vault which can be decrypted with the unlock command.

  • material: the serialized input/output of a node for a vault. Secret material data is stored in the database, non-secret data may be stored as part of the vault. Allows sharing of solutions to nodes (secret data) between users with the import & export command.

Reference

  • cryptex: the combination of an encryption construct (like Shamir's Secret Sharing, NaCl's secretbox, or OpenPGP public key encryption) along with any required configuration (public keys, m-of-n values). A cryptex node is a single factor in a multi-factor encryption scheme.

  • seal: a digital signature combined with the cryptographic material needed to verify the signature (e.g. a public key).

  • secret: the sensitive input data required to lock and/or unlock a single cryptex.

Examples

About

Toolkit for multi-factor, multi-role encryption

Resources

Readme

License

MIT license

Stars

66 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

No packages published

Languages