Dark Crystal's encryption wrapper around Shamir's Secret Shares implementation secrets.js-grempe.
Using a semantic versioning system, this module also provides backward compatibility to Dark Crystal records out there in the wild. This is required as we incrementally update Dark Crystal's encryption schemes, exploring, experimenting and improving our implementation.
const { pack, unpack. share, verify, combine } = require('dark-crystal-secretes')
const labelledSecret = pack('burried under my tree fort', 'treasure chest 1')
const shares = share(labelledSecret, 5, 3) // split into 5 parts, quorum 3
shares.forEach(share => console.log(validateShard(share, '2.0.0'))
const validity = verify(share.slice(0,3), '2.0.0')
console.log(validity)
const recoveredLabelledSecret = combine(share.slice(0,3), '2.0.0')
const { secret, label } = unpack(recoveredLabelledSecret, '2.0.0')The secret is bundled up with the label given to the secret and stringified as JSON
The secret is separated from the label and returned as an object
- Generates a
MACwhich is composed the first 32 characters (16 bytes) of aSHA256hash of thesecret - Concatenates it at the beginning of the
secret - Splits the secret into
numOfShards, wherequorumis the number required to reassemble - Compresses the
shardsfromhexintobase64for more efficient storage
- Decompresses the
shardsfrombase64tohex - Reassembles the secret
- Checksig
MACgenerated from the newly returned secret match theMACattached to the returned secret.- Returns
falseif fails to pass check
- Decompresses the shards from base64 to hex
- Reassembles the secret
- Checksig
MACgenerated from the newly returned secret match theMACattached to the returned secret.- Throws an error if it fails to pass the check
- Returns the
JSONstring secret
- Decompresses the shards from base64 to hex
- Extracts components of the shard
bits: [Number] The number of bits configured when the share was created.id: [Number] The ID number associated with the share when created.data: [String] A hex string of the actual share data.