Shamir’s Secret Sharing is a mechanism by which N people may each have a piece of of information, such that when any M people come together the pieces can be used to reproduce a secret – but if only M-1 pieces are brought together, you have zero bits of the secret.
It’s a really clever bit of math, invented by Adi Shamir (of RSA fame) based on polynomials.
I’ve been looking at various implementations of the technique for some time and have been playing most significantly with “SSSS” by one Mr. B. Poettering. His code is wonderfully simple (as such things can be), and I had precisely no problems getting it working on my Mac.
I have, for some time, been maintaining a Github repo that incorporates his last build, a patch he offers but hasn’t actually packaged up into a new release, plus a few very minor touchups on my part.
I am happy to say that as of today, all of the major items I wished to accomplish are completed:
- Improved setup instructions / build and install process. That boils down to:
- Better docs.
makeresilient to not having
- Adding a
- Add an option causing a failure to
memlockto be a fatal error.
- More consistent use of
stderrto facilitate automation.
- Cryptographically signed git tags so people can verify that my releases have not been tampered with.
As of today, all of the above are done. Please go check it out – and be sure
to verify the tag before building (see the
README.md for details!).
The only item on my TODO list remaining was a binary release – but I think
that may wind up being supplanted by a Homebrew
Formula, as Homebrew provides all the dependencies (MacPorts still doesn’t
xmltoman), and has already managed to make my life easier than
MacPorts ever did.