git-annex/doc/tips/Shamir_secret_sharing_and_git-annex.mdwn

22 lines
1.1 KiB
Text
Raw Normal View History

2014-01-24 04:50:07 +00:00
Combining git-annex with [Shamir secret sharing](http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing)
is an useful way to securely back up highly sensitive files,
2014-01-24 05:05:01 +00:00
such as a gpg key or bitcoin wallet.
2014-01-24 04:50:07 +00:00
Shamir secret sharing creates N shares of a file, of which any M can be
used to reconstitute the original file. Anyone who has less than M shares
cannot tell anything about the original file, other than its size.
Where git-annex comes in is as a way to manage these shares. They can be
added to the annex, and then git-annex used to move one share to each clone
of the repository. Since git-annex keeps track of where each file is
stored, this can aid later finding the shares again when they're needed, as
well as making ongoing management of the shares easier.
Note that this conveniece comes at a price: Any attacker who gets a copy
of the git repository can use it to figure out where the shares are
located. While this is not a crippling flaw, and can be worked around, it
needs to be considered when implementing this technique.
Here is an example of this method being used for a ~/.gnupg directory:
<http://git.kitenet.net/?p=gpg.git;a=blob;f=README.sss>