-rw-r--r-- README 26
-rwxr-xr-x share/keyringer/ssss-split 17
2 files changed, 43 insertions, 0 deletions
diff --git a/README b/README
index a20c32c..a202ead 100644
--- a/README
+++ b/README
@@ -76,6 +76,32 @@ Fill it with your friends key IDs. Now encrypt a secret just for then:
In other words, if keyringer finds a recipient file matching a given path,
it will use it instead of the global recipients file.
+SSSS Support
+------------
+
+Say you have the following recipients:
+
+ - admins-1
+ - admins-2
+ - admins-3
+ - admins-4
+
+And you want to split a secret among these groups.
+
+ keyringer <keyring> ssss-split <secret-name> <threshold> 4 [options]
+
+This will generate 4 files in you keyringer:
+
+ keys/admins-1/secret-name.asc
+ keys/admins-2/secret-name.asc
+ keys/admins-3/secret-name.asc
+ keys/admins-4/secret-name.asc
+
+Each of them has one different ssss share. Decryption of one sharing
+is straightforward. Say you're on admins-1 group:
+
+ keyringer <keyring> decrypt admins-1/secret-name
+
Managing keys
----------------
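Review bot: The new "SSSS Support" section documents only how to decrypt a single share ("keyringer <keyring> decrypt admins-1/secret-name") and never says how <threshold> shares are brought together to recover the secret, which is the step a reader most needs. Please add that, and explain the arguments in "ssss-split <secret-name> <threshold> 4 [options]": the literal 4 appears to be the number of shares but is not named, and [options] is not described. The text should also state what SSSS stands for on first use and that a single decrypted share reveals a share, not the secret. Two wording fixes in the same section: "in you keyringer" should read "in your keyring", and "Decryption of one sharing" should read "one share".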
diff --git a/share/keyringer/ssss-split b/share/keyringer/ssss-split
new file mode 100755
index 0000000..e414f0f
--- /dev/null
+++ b/share/keyringer/ssss-split
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# Encrypt files to multiple recipients using SSSS.
+#
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer/functions"
+source "$LIB" || exit 1
+
+# Check requirements
+ssss="`which ssss`";
+if [ "$?" != "0" ]; then
+ echo "Please install ssss first."
+ exit 1
+fi
+
+# TODO
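Review bot: The script ends at "# TODO" right after the requirement check, so when ssss is installed it exits 0 without splitting or encrypting anything, while the README in this same commit tells users it "will generate 4 files". Until the split is implemented, fail loudly with a "not implemented" message and a non-zero exit so nobody assumes a secret was shared out. In the requirement check, confirm that "which ssss" probes for the right name, since the ssss tools are normally invoked as ssss-split and ssss-combine; "command -v" is also the more portable lookup, and the "Please install ssss first." message belongs on stderr. Finally, "`dirname $0`" leaves $0 unquoted, so the functions file will not be found if the install path contains spaces; quote it inside the substitution.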