安全共享一个秘密实现shamir的秘密共享
secretshare的Python项目详细描述
secretshare
一个简单的库实现了adi shamir的“如何共享秘密”算法。它目前非常有限,因为它使用带素数的整数运算,因此将共享机密的大小限制为8192位(1024字节)未来的版本可能会实现某种形式的无限流共享,但这不是它当前的目标,它正在用于加密应用程序。
这个库是Dungeon Password Manager项目的一部分。
要求
- Python3.6+
- Passphrase
安装
克隆repo运行make package-install
,或者出于开发目的,make devenvironment
使用pipenv install
或pip install -r requirements.txt
安装依赖项。
用法
fromsecretshareimportSecret,SecretShare,Sharedefemail(recipient,body):"""Simulate sending an email."""print(f'Recipient: {recipient} - Body: {body}')# Generate a new random secretsecret=Secret()# Or use an existing onesecret.value=12345267890# Or directly: secret = Secret(1234567890)# If your secret is not an integer, you can use these methods# from_bytes()# from_base64()# from_hex()# Share the secretshare_count=5# How many pieces will the secret be split into?threshold=3# How many pieces are required to recover the secret?shamir=SecretShare(threshold,share_count,secret=secret)shares=shamir.split()print(shamir.shares)# [Share(point=1, value=110014556089737955654312725615756332615), Share(point=2, value=270561733948920165984210681299343881767), Share(point=3, value=141359166656608167526319259631339703839), Share(point=4, value=62689221133740423744013068043512010338), Share(point=5, value=34551897380316934637292106535860801264)]# shamir.shares are the same as `shares`, returned by the split() method# Now deliver the shares to each recipientrecipients=('r1@email.com','r2@email.com','r3@email.com','r4@email.com','r5@email.com')fori,shareinenumerate(shares):email(recipients[i],str(share))# Send in base64# A Share can be converted to several convenient formats:# bytes(share), share.to_bytes()# str(share)# share.to_hex(), hexlify(bytes(share))# share.to_base64()# Note: a Secret can be converted the very same way# To recover the secret, get the share from each holder # Each Share has a point and a values1=Share(1,335597737083070970356431407479895583486)s2=Share(2,138424231339574140617068979728677909704)s4=Share()# They are both encoded together for conveniences4.from_base64('BQBGQMaGiRzWb0gO3gGEotVL')# The share count and threshold information is NOT saved anywhere# so the developer must save it somewhere as it is public# information and there's no risk in storing it.# As a matter of fact, those parameters are not really needed to recover a# secret. If you provide less shares than the threshold then you will get a# secret value that will be incorrect. There's no way to tell from the result# whether the amount of shares are actually correct or not.shamir=SecretShare(threshold,share_count,shares=[s1,s2,s4])secret=shamir.combine()print(secret)# At/V1rI=print(int(secret))# 1234567890# If the wrong number of shares is provided, an incorrect result# is obtained. This is because this algorithm can't validate the result.# The developer should verify the secret obtained by comparing into# a hash, preferably using a secure KDF such as Argon2.# Alternatively, it might be more convenient to verify each share# against a hash: if the provided shares are valid the result# will be correct.
开发
安装开发需求,用make test
运行测试,用make lint
运行lint使用make coverage
检查测试覆盖率(必须为100%)。
许可证
secretshare由HacKan在gnu gpl v3.0+下创建。您可以根据license的条款自由使用、共享、修改和共享修改
Copyright (C) 2018 HacKan (https://hackan.net)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.