Module for creating keys split between multiple parties. Use this for “Break The Glass” scenarios or when you want to cryptographically enforce approval by multiple users.

This module generates a key that is split into multiple Share values and requires a specific number of them to regenerate the key. You can think of it as a “Break The Glass” scenario. You can generate a key using this, lock your entire data by encrypting it, and then you will need, let’s say, 3 out of the 5 administrators to decrypt the data. That data could also be an API key or the password of a super admin account.

use devolutions_crypto::secret_sharing::{generate_shared_key, join_shares, SecretSharingVersion, Share};

// You want a key of 32 bytes, split between 5 people, with a
// minimum of 3 of these shares required to regenerate the key.
let shares: Vec<Share> = generate_shared_key(5, 3, 32, SecretSharingVersion::Latest)
    .expect("generation shouldn't fail with the right parameters");

assert_eq!(shares.len(), 5);

// Any 3 of the 5 shares are enough; here the last three are used.
let key = join_shares(&shares[2..5]).expect("joining shouldn't fail with the right shares");
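
How a 3-of-5 threshold behaves underneath, as an added illustration that is not devolutions_crypto's code: a std-only Shamir split over GF(2^8), chosen here as a representative threshold scheme (the page does not state which scheme the module uses internally). The names `gf_mul`, `gf_inv`, `split` and `join` are hypothetical, and reading `/dev/urandom` assumes a Unix host.

```rust
// Added illustration of k-of-n splitting (Shamir over GF(2^8)); not the crate's code.
use std::{fs::File, io::Read};

/// Multiply in GF(2^8), reduction polynomial x^8 + x^4 + x^3 + x + 1.
fn gf_mul(mut a: u8, mut b: u8) -> u8 {
    let mut p = 0u8;
    while b != 0 {
        if b & 1 != 0 { p ^= a; }
        a = (a << 1) ^ if a & 0x80 != 0 { 0x1b } else { 0 };
        b >>= 1;
    }
    p
}

/// Multiplicative inverse as a^254 (caller guarantees a != 0).
fn gf_inv(a: u8) -> u8 { (0..253).fold(a, |acc, _| gf_mul(acc, a)) }

/// Split into `n` shares (x = 1..=n); `rand` holds k-1 CSPRNG bytes per secret byte.
fn split(secret: &[u8], n: u8, k: u8, rand: &[u8]) -> Vec<(u8, Vec<u8>)> {
    assert!(k >= 1 && k <= n && rand.len() >= secret.len() * (k as usize - 1));
    let t = (k - 1) as usize;
    (1..=n).map(|x| {
        let ys: Vec<u8> = secret.iter().enumerate().map(|(i, &s)| {
            // Horner evaluation of s + c1*x + ... + c_{k-1}*x^(k-1)
            let hi = rand[i * t..(i + 1) * t].iter().rev().fold(0u8, |acc, &c| gf_mul(acc, x) ^ c);
            gf_mul(hi, x) ^ s
        }).collect();
        (x, ys)
    }).collect()
}

/// Lagrange interpolation at x = 0 over the supplied shares (distinct x values).
fn join(shares: &[(u8, Vec<u8>)]) -> Vec<u8> {
    (0..shares[0].1.len()).map(|i| {
        shares.iter().fold(0u8, |acc, (xj, yj)| {
            let basis = shares.iter().filter(|(xm, _)| xm != xj)
                .fold(1u8, |b, (xm, _)| gf_mul(b, gf_mul(*xm, gf_inv(*xm ^ *xj))));
            acc ^ gf_mul(yj[i], basis)
        })
    }).collect()
}

fn main() {
    let mut buf = [0u8; 96]; // 32-byte key + 2 coefficients per key byte
    File::open("/dev/urandom").unwrap().read_exact(&mut buf).unwrap();
    let (key, rand) = buf.split_at(32);
    let shares = split(key, 5, 3, rand);
    assert_eq!(join(&shares[2..5]), key); // any 3 of 5 recover the key
    assert_ne!(join(&shares[..2]), key);  // 2 shares yield an unrelated value
}
```

In this sketch, joining fewer shares than the threshold does not fail: it returns bytes unrelated to the key. A recovered key should therefore be confirmed by an authenticated decryption rather than assumed correct.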

Re-exports

Structs

  • Share: A part of the secret key. You need several of them to recompute the secret key.

Functions

  • generate_shared_key: Generate a key and split it into n_shares shares. You will need threshold shares to recover the key.
  • join_shares: Join multiple Share values to regenerate a secret key.