python-gfshare 1.1.0 documentation
Author: Chris Lamb <chris@chris-lamb.co.uk>
This Python library implements Shamir’s method for secret sharing, which can be used to split a “secret” into multiple parts. A chosen number of those parts is then needed to recover the original secret, but any smaller combination of parts is useless to an attacker.
For instance, you might split a GPG key into a “3-of-5” share, putting one share on each of three computers and two shares on a USB memory stick. You can then use the GPG key on any of those three computers using the memory stick. If the memory stick is lost you can ultimately recover the key by bringing the three computers back together again.
Under the hood it uses Daniel Silverstone’s libgfshare library.
Example
>>> import gfshare
>>> shares = gfshare.split(3, 5, b"secret")
>>> shares
{104: b'1\x9cQ\xd8\xd3\xaf',
164: b'\x15\xa4\xcf7R\xd2',
171: b'>\xf5*\xce\xa2\xe2',
173: b'd\xd1\xaaR\xa5\x1d',
183: b'\x0c\xb4Y\x8apC'}
>>> gfshare.combine(shares)
b'secret'
We remove 2 shares. We can still reconstruct the secret as we have 3 out of the 5 originals.
>>> del shares[104]
>>> del shares[171]
>>> gfshare.combine(shares)
b'secret'
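After removing another share, only two remain, which is below the threshold of three, so we can no longer reconstruct the original secret. Note that combine() does not raise an error here; it returns unrelated bytes.
>>> del shares[164]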
>>> gfshare.combine(shares)
b'\xea\x87\x99\x06)\x86'
Methods
gfshare.split()
Split a given secret into an “n-of-m” set of shares.
The threshold number of shares cannot exceed the total share count.
Parameters:
- threshold (int) – The number of shares required to reconstruct the secret (min: 1).
- sharecount (int) – The total number of shares to make (min: 2, max: 253).
- secret (bytes; Unicode objects are converted using the 'utf-8' encoding) – The secret to split.
Returns: The generated shares associated with their share number.
Return type: dict
Raises: ValueError, TypeError
gfshare.combine()
Combine a number of shares generated by split() to form the original secret.
If the secret cannot be reconstructed, the result is undefined.
Parameters:
- shares (dict) – A dict of int, bytes pairs.
Returns: The original secret (if available).
Return type: bytes
Raises: ValueError, TypeError, RuntimeError
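Because combine() returns an undefined result instead of failing when the secret cannot be reconstructed, callers cannot tell a good recombination from a bad one by the return value alone. The following added example (not part of python-gfshare) appends a SHA-256 digest to the secret before splitting and verifies it after combining. The names seal(), split_checked() and combine_checked() and the split=/combine= parameters are assumptions of this example; only the split(threshold, sharecount, secret) and combine(shares) call shapes come from this page.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes appended to every secret


def seal(secret):
    """Return secret || SHA-256(secret); str is encoded as UTF-8, as split() does."""
    if isinstance(secret, str):
        secret = secret.encode("utf-8")
    return secret + hashlib.sha256(secret).digest()


def split_checked(threshold, sharecount, secret, split=None):
    """Like gfshare.split(), but the shared payload carries an integrity tag."""
    if split is None:
        import gfshare  # imported lazily; pass split= to use another backend
        split = gfshare.split
    return split(threshold, sharecount, seal(secret))


def combine_checked(shares, combine=None):
    """Like gfshare.combine(), but raise ValueError instead of returning garbage."""
    if combine is None:
        import gfshare
        combine = gfshare.combine
    blob = combine(shares)
    secret, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # A blob shorter than the tag cannot have come from split_checked().
    if len(blob) < TAG_LEN or not hmac.compare_digest(
            hashlib.sha256(secret).digest(), tag):
        raise ValueError("reconstruction failed: too few, mismatched or damaged shares")
    return secret
```

The digest travels inside the shared payload, so each share grows by 32 bytes and the tag is hidden from anyone holding fewer shares than the threshold.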
Copyright
Copyright (C) 2017, 2018, 2019 Chris Lamb <chris@chris-lamb.co.uk>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.