-rw-r--r-- README 36
-rwxr-xr-x share/keyringer/ssss-split 17
2 files changed, 53 insertions, 0 deletions
diff --git a/README b/README
index 0f77dc2..7d22529 100644
--- a/README
+++ b/README
@@ -79,6 +79,42 @@ Fill it with your friends key IDs. Now encrypt a secret just for then:
In other words, if keyringer finds a recipient file matching a given path,
it will use it instead of the global recipients file.
+SSSS Support
+------------
+
+SSSS support comes with "ssss group" files where each file (say
+config/ssss/ssss-groupA) has one recipient file per line.
+
+Command line syntax is:
+
+ keyringer <keyring> ssss-split <secret-name> [ssss-group] [ssss-options]
+
+So if we have:
+
+ config/recipients/recipientsA:
+
+ user1@domain
+ user2@domain
+
+ config/recipients/recipientsB
+
+ user3@domain
+ user4@domain
+
+ config/ssss/ssss-groupA:
+
+ recipientsA
+ recipientsB
+
+Then the following command
+
+ keyringer <keyring> ssss-split secret-data ssss-groupA
+
+would split some data into distinct files:
+
+ keys/recipientsA/secret-data.asc: encrypted to user{1,2}@domain
+ keys/recipientsB/secret-data.asc: encrypted to user{3,4}@domain
+
Managing keys
----------------
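Review bot: The new "SSSS Support" section lists `[ssss-options]` in the command syntax but never says which options are accepted or what threshold applies, so in the ssss-groupA example a reader cannot tell whether the files under keys/recipientsA and keys/recipientsB are both needed to recover secret-data or whether either one is enough. Please document the share count and threshold (and say whether one share is produced per line of the group file), since that is the security property the feature exists for. Minor: `config/recipients/recipientsB` is missing the trailing colon used on the other two file labels, and "would split some data into distinct files" should say explicitly that each file holds one share.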
diff --git a/share/keyringer/ssss-split b/share/keyringer/ssss-split
new file mode 100755
index 0000000..e414f0f
--- /dev/null
+++ b/share/keyringer/ssss-split
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# Encrypt files to multiple recipients using SSSS.
+#
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer/functions"
+source "$LIB" || exit 1
+
+# Check requirements
+ssss="`which ssss`";
+if [ "$?" != "0" ]; then
+ echo "Please install ssss first."
+ exit 1
+fi
+
+# TODO
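Review bot: The script ends at `# TODO` right after the requirements check, so when ssss is installed the documented `keyringer <keyring> ssss-split ...` command exits 0 without splitting or encrypting anything. Until the body exists, print a "not implemented" message to stderr and exit non-zero so nobody assumes a secret was actually split. In the requirements check, the `ssss` variable is assigned but never used, `$0` is unquoted in `dirname $0` (it breaks when the install path contains spaces), and "Please install ssss first." goes to stdout rather than stderr.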