2014-01-24 04:50:07 +00:00
|
|
|
Combining git-annex with [Shamir secret sharing](http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing)
|
|
|
|
is an useful way to securely back up highly sensitive files,
|
2014-01-24 05:05:01 +00:00
|
|
|
such as a gpg key or bitcoin wallet.
|
2014-01-24 04:50:07 +00:00
|
|
|
|
|
|
|
Shamir secret sharing creates N shares of a file, of which any M can be
|
|
|
|
used to reconstitute the original file. Anyone who has less than M shares
|
|
|
|
cannot tell anything about the original file, other than its size.
|
|
|
|
|
|
|
|
Where git-annex comes in is as a way to manage these shares. They can be
|
|
|
|
added to the annex, and then git-annex used to move one share to each clone
|
|
|
|
of the repository. Since git-annex keeps track of where each file is
|
|
|
|
stored, this can aid later finding the shares again when they're needed, as
|
|
|
|
well as making ongoing management of the shares easier.
|
|
|
|
|
|
|
|
Note that this conveniece comes at a price: Any attacker who gets a copy
|
|
|
|
of the git repository can use it to figure out where the shares are
|
|
|
|
located. While this is not a crippling flaw, and can be worked around, it
|
|
|
|
needs to be considered when implementing this technique.
|
|
|
|
|
|
|
|
Here is an example of this method being used for a ~/.gnupg directory:
|
|
|
|
<http://git.kitenet.net/?p=gpg.git;a=blob;f=README.sss>
|