vcrypt/vcrypt

vcrypt

A toolkit for multi-factor, multi-role encryption.

Overview

vcrypt is a toolkit for building & executing multi-factor encryption schemes. It supports a multi-role encryption workflow: an expert user crafts an encryption plan that is distributed to a novice user for safe, reliable encryption.

Install

    $ go get github.com/vcrypt/vcrypt/cmd/vcrypt

Commands

    $ vcrypt help
    > usage: vcrypt <command> [<args>]
    >
    > The vcrypt commands are:
    >   build   Build plan file from plan config
    >   export  Export material data
    >   import  Import material data
    >   inspect Inspect vault, plan, or material data
    >   lock    Encrypt data to a vault
    >   unlock  Decrypt data from a vault

Artifacts

  • plan: encodes each step (node) in a multi-factor encryption scheme. Steps are arranged into a directed acyclic graph with a single root step. Each node is either a cryptex, secret, or material. Plans may be sealed. They contain no secret information and are safe to distribute publicly.

  • vault: holds a plan, the ciphertext for the protected data, and intermediate (non-secret) material required for decryption. There is no unencrypted secret data in the vault artifact. The lock command creates a vault which can be decrypted with the unlock command.

  • material: the serialized input/output of a node for a vault. Secret material data is stored in the database; non-secret data may be stored as part of the vault. Material allows solutions to nodes (secret data) to be shared between users with the import & export commands.
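
The structural rules stated for a plan (every step is a cryptex, secret, or material; the steps form a directed acyclic graph; there is a single root step) can be checked mechanically before a plan is distributed. The Go sketch below is an added example, not vcrypt's own code or API: the `Node` type, its `Inputs` field and `ValidatePlan` are hypothetical names, and the plan passed in `main` is constructed.

```go
package main
import "fmt"

// Node is a hypothetical stand-in for one plan step, not vcrypt's own type.
type Node struct {
	Kind   string   // "cryptex", "secret" or "material"
	Inputs []string // assumed field: names of the steps this step consumes
}

// ValidatePlan reports the first structural invariant a plan breaks.
func ValidatePlan(plan map[string]Node) error {
	hasParent := map[string]bool{} // steps consumed by some other step
	for name, n := range plan {
		if n.Kind != "cryptex" && n.Kind != "secret" && n.Kind != "material" {
			return fmt.Errorf("step %q: unknown kind %q", name, n.Kind)
		}
		for _, in := range n.Inputs {
			if _, ok := plan[in]; !ok {
				return fmt.Errorf("step %q: undefined input %q", name, in)
			}
			hasParent[in] = true
		}
	}
	// Every key of hasParent is a defined step, so the remainder are roots.
	if roots := len(plan) - len(hasParent); roots != 1 {
		return fmt.Errorf("want exactly 1 root step, found %d", roots)
	}
	state := map[string]int{} // 1 = on the current DFS path, 2 = finished
	var cyclic func(string) bool
	cyclic = func(name string) bool {
		if state[name] != 0 {
			return state[name] == 1
		}
		state[name] = 1
		for _, in := range plan[name].Inputs {
			if cyclic(in) {
				return true
			}
		}
		state[name] = 2
		return false
	}
	for name := range plan { // start everywhere: a cycle may hang below the root
		if cyclic(name) {
			return fmt.Errorf("cycle through step %q", name)
		}
	}
	return nil
}

func main() { fmt.Println(ValidatePlan(map[string]Node{"root": {Kind: "cryptex"}})) } // constructed plan
```

A step shared by two parents is accepted, since the graph only has to be acyclic, not a tree.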

Reference

  • cryptex: the combination of an encryption construct (like Shamir's Secret Sharing, NaCl's secretbox, or OpenPGP public key encryption) along with any required configuration (public keys, m-of-n values). A cryptex node is a single factor in a multi-factor encryption scheme.

  • seal: a digital signature combined with the cryptographic material needed to verify the signature (e.g. a public key).

  • secret: the sensitive input data required to lock and/or unlock a single cryptex.

Examples
