Multikey
download, unpack. run ./compile.sh
now with multikey you can create n files from which you must take
at least k files to reproduce the original secret file. (k<n)
for example if you have an account number of a 100000$ account.
you store the account number in a file. the one who can read the file can
get the money. you have 10 persons. you want that if at least 3 of those persons
want to get the money, they can go to the bank and get the money.
you use redun like this:
create some files. (EQUALLY SIZED)
let'S say you created the files f1 f2 f4
now type
how this works is nothing magic and is based on old known facts in mathematics.
if you have a polynom of 9th degree, you need 10 points to fully specify it.
lets say the 10 discs give us the 10 points in the polynom. then we can calculate
other points in the polynom and store them on disc. now we can take an arbitrary set
of 10 points from disc and recalculate the polynom. that's all.
for calculating i use the GF(2^8) system. because there we can always divide
without reminder. and we can use the bytes as y values in our polynom. so for every n-th
byte in the discs i create a polynom and calculate the other n-th bytes for the other discs.
if you need further information, don't try to understand my sourcecode ;) better read
some books.
as explained "redun" is nothing new, and indeed you find other programs that
do this job like
create a secret file.
with multikey you can create 10 files out of your account number file.
all of those files have absolutly no meaning. they are all like random data.
only if you have 3 arbitrary of those files, you will be able to reconstruct your account number.
How does multikey work?
multikey consists of several programs.
randsplit
randsplit takes a file with a size of n bits. it creates k files that are also
of size n bits. k-1 of the k files are pure random data. (the random data
get's created by linux /dev/urandom entropy generator. the security of multikey
bases on the security of randsplit which bases on the randomness of the entropy generator.
keep this in mind)
the last of the k files
is the original file bitwise XORed with the k-1 pure random data files.
so what you get is k files which are all like pure random data.
an example: if k=10 it does not matter if you have zero, one, two, ... , nine of
the 10 files, you always have pure random data. only if you have 10 of the files you get
the original.
randjoin
randjoin reverses the effect of randsplit. it takes k files of n bits size.
it creates one output file also of n bits size. each bit in the output file
is the XOR of the bits of the k input files.
redun
the idea of "redun" comes from the stone-age of computer science. in those days you used
floppy discs to carry data. often a single disc was too small. so it took let's say
10 discs to carry your data. you needed 2 hours to drive to your friend and give him
your data. if one disc got damaged, the 2 hours have been wasted. so what could you do?
carry 20 discs. then there are always 2 discs with the same data. but if just the right
two discs crashed that carried the same data, you where lost again. the idea of the
"redun" program is to take let's say 12 discs and then 2 ARBITRARY of the discs may
crash. you can also take 15 discs. then 5 ARBITRARY of the discs may crash and you still
have your original data.
./redun f1 f2 f3 f4
"redun" looks and sees f1,f2,f4 exist, so it will READ those files.
it sees that f3 does not exist, so it will WRITE this file.
the order of parameters is IMPORTANT and must keep always the same. if you mix
the keys to wrong positions in the parameter list, wrong results will be calculated.
now since we used 3 original files, we have only created one single redundancy file.
so let's delete one arbitrary of the files.
rm f1
now let's reconstruct f1.
./redun f1 f2 f3 f4
redun will see f2,f3,f4 exist, so it will READ those files.
it sees that f1 does not exist, so it will WRITE this file.
easy ain't it?
makekeys.sh
makekeys.sh is just a rudimentary shell script that unites the above programs.
give it a secret file, it will first use "randsplit" to create n files. then it uses
"redun" to build additional redundancy files.
unlockdoor.sh
unlockdoor.sh is also just a rudimentary shell script that unites the above programs.
give it a set of keys and tell it how many keys you need at minimum. (giving the wrong
value here results in wrong results). it will first call "redun" to rebuild the needed
first n keys. then it uses "randjoin" to recalculate the original file.
show me an example
erik@vulcain:~/prj/multikey/multikey > cat >secret
I am very important secret file
erik@vulcain:~/prj/multikey/multikey > ./makekeys.sh
Usage: makekeys.sh plainfile keyprefix numkeys numenoughkeys
Example: makekeys.sh plain key_ 10 7
erik@vulcain:~/prj/multikey/multikey > ./makekeys.sh secret key_ 5 2
Randomized splitting of your key into 2 keys.
Building redundant additional 3 keys.
all done. you now have the keyfiles
key_0 key_1 key_2 key_3 key_4
You only need 2 of those files to reconstruct your file "secret"
erik@vulcain:~/prj/multikey/multikey > ls -l key*
-rw-r----- 1 erik erik 32 Jan 24 20:50 key_0
-rw-r----- 1 erik erik 32 Jan 24 20:50 key_1
-rw-r----- 1 erik erik 32 Jan 24 20:50 key_2
-rw-r----- 1 erik erik 32 Jan 24 20:50 key_3
-rw-r----- 1 erik erik 32 Jan 24 20:50 key_4
erik@vulcain:~/prj/multikey/multikey > rm key_3 key_0 key_2
erik@vulcain:~/prj/multikey/multikey > ls -l key*
-rw-r----- 1 erik erik 32 Jan 24 20:50 key_1
-rw-r----- 1 erik erik 32 Jan 24 20:50 key_4
erik@vulcain:~/prj/multikey/multikey > ./unlockdoor.sh
Usage: unlockdoor.sh keyprefix outputsecret numenoughkeys
Example: unlockdoor.sh key_ mysecret 7
erik@vulcain:~/prj/multikey/multikey > ./unlockdoor.sh key_ output 2
i found 2 keyfiles.
Thats enough keyfiles. proceeding...
Now rebuilding the eventually missing keys.
Now reuniting the keys to get the secret file.
all done. you now have the secret file "output"
erik@vulcain:~/prj/multikey/multikey > cat output
I am very important secret file
erik@vulcain:~/prj/multikey/multikey >