[Devember2021] File encryption using sharded secrets

I want to create an application that can encrypt and decrypt files using a secret sharing algorithm, with configurable shard count and minimum shard count.

It should also have a GUI, but I’m unsure whether I’ll use something that’s working only under Linux or whether it’ll also support windows.

Optionally, a fuse driver that can en- and decrypt folders on the fly and expose them as a filesystem.

I’ll probably detail some of this over the next days, but that’s my basic plan so far, feel free to speak your mind.

2 Likes

A cross platform GUI for ssss would be very cool.

What programming language were you thinking of using?

Either kotlin or rust probably, for something more low level like encryption it might be rust. Maybe a combination, using rust for low level stuff and kotlin for the GUI or something like that.

It’s planned to be different from ssss, by not splitting the file, but rather doing normal file encryption using AES and then just splitting the symmetric key.

Published what I have so far. It should be a semi-functional AES-XTS wrapper, but I’m still working on getting it working correctly:

Well I did a bunch of poking with AES XTS, but that doesn’t seem to really work because I can’t encrypt partial blocks.

I think I’ll resort to a less efficient, but working additional metadata file and then split the file into larger (something like 4M) chunks and encrypt them with AES GCM or something like that.

Problem is, I have to always read, write, de- and encrypt a whole chunk at a time and I need something like a separate metadata side file, that stores all the keys because for every chunk there there has to be a key and IV generated and saved (which also takes up space).

If you are experienced in crypto stuff and have a better idea I’m happy to improve the algorithm.

Quick update: I basically give up (at least for this year), but I still want to complete it (still have some local changes where I already implemented parts of the new algorithm), maybe over the course of next year or maybe for next devember, but I didn’t have enough time this year.