Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/adrianosela/multikey
n-out-of-N-keys encryption framework based on shamir's secret sharing algorithm
https://github.com/adrianosela/multikey
Last synced: 2 months ago
JSON representation
n-out-of-N-keys encryption framework based on shamir's secret sharing algorithm
- Host: GitHub
- URL: https://github.com/adrianosela/multikey
- Owner: adrianosela
- License: mpl-2.0
- Created: 2019-08-10T21:01:27.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-05-20T14:51:57.000Z (5 months ago)
- Last Synced: 2024-06-20T17:53:20.120Z (3 months ago)
- Language: Go
- Size: 85 KB
- Stars: 4
- Watchers: 3
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-go - multikey - An n-out-of-N keys encryption/decryption framework based on Shamir's Secret Sharing algorithm. (Security / HTTP Clients)
README
# multikey - Require n-of-N keys to decrypt
[![Go Report Card](https://goreportcard.com/badge/github.com/adrianosela/multikey)](https://goreportcard.com/report/github.com/adrianosela/multikey)
[![GitHub issues](https://img.shields.io/github/issues/adrianosela/multikey.svg)](https://github.com/adrianosela/multikey/issues)
[![Documentation](https://godoc.org/github.com//adrianosela/multikey?status.svg)](https://godoc.org/github.com/adrianosela/multikey)
[![license](https://img.shields.io/github/license/adrianosela/multikey.svg)](https://github.com/adrianosela/multikey/blob/master/LICENSE)
[![Mentioned in Awesome Go](https://awesome.re/mentioned-badge.svg)](https://github.com/avelino/awesome-go#security)#### Allows for the creation of decryption rules for secrets at rest, for example:
- Decrypt if **any** of 5 keys are provided
- Decrypt if **all** of 5 keys are provided
- Decrypt if **at least 3** of 5 keys are provided#### Example use cases:
- I want anyone on my team to be able to decrypt shared application runtime secrets with their own key locally, and have my deployments be able to decrypt the same secrets by fetching a decryption key from AWS KMS
- I want my team to be able to access a highly privileged secret in emergency situations, by having n/N team members provide their key... many more
#### Benefits of using this:
- Allows for managing secrets with complex rules
- Allows for secrets to be encrypted at rest, which means they can live on your Github, and you don't have to pay for a database or rely on an external service## Usage
```
import "github.com/adrianosela/multikey"
```#### Encrypt:
```
mkEncryptedSecret, err := multikey.Encrypt(plainTxtSecret, pubKeys, requireN)
checkErr(err)
```
#### Decrypt:
```
plainTxtSecret, err := multikey.Decrypt(mkEncryptedSecret, privKeys)
checkErr(err)
```