This PoC is not quite the same as standard Shamir's Secret Sharing: it additionally uses asymmetric cryptography to restore the secret.
- command line tool for PoC
- client-server structure
- Provide this service as public API
dodo stores its data under ~/.dodo in JSON files, which you can inspect.
mkdir try-dodo
cd try-dodo
for name in 'alice' 'bob' 'carol' 'dave' 'eve'; do
  ssh-keygen -m pem -N '' -C "$name" -f "$name"
done
go install github.com/dodo-says/dodo/cmd/dodo@master
Thanks to cobra, dodo provides completion for bash, zsh, fish and powershell. Using completion improves the experience, see:
dodo completion bash --help
dodo completion zsh --help
- etc...
A committee is a group of participants who share the same secret.
dodo committee add --description "dodo's first committee" dodo
for name in 'alice' 'bob' 'carol' 'dave' 'eve'; do
  dodo committee-member add --committee-name dodo --public-key "$name.pub" "$name"
done
Someone (like me) creates a new record with the message "STRRL is a lazy guy". It requires at least 4 approvals (set by --threshold) from the committee to decrypt this message.
dodo record add --committee-name dodo --message "STRRL is a lazy guy" --threshold 4
Replace the IDs with your own when you execute the following commands.
❯ dodo record list --committee-name dodo
ID Description Committee Threshold
af84039a-6d08-49d7-8428-076b91639082 dodo 4
❯ dodo decrypt-proposal create --record-id af84039a-6d08-49d7-8428-076b91639082 --reason "I think this message is dangerous"
❯ dodo decrypt-proposal list
ProposalID RecordID Reason
49eef4c6-c62e-43c2-9747-f3eb79e98c5f af84039a-6d08-49d7-8428-076b91639082 I think this message is dangerous
❯ dodo decrypt-proposal inspect --proposal-id 49eef4c6-c62e-43c2-9747-f3eb79e98c5f
Proposal ID: 49eef4c6-c62e-43c2-9747-f3eb79e98c5f
Proposal Reason: I think this message is dangerous
Record ID: af84039a-6d08-49d7-8428-076b91639082
Record Description:
Committee: dodo
Approve Committee Members:
❯ dodo record decrypt --record-id af84039a-6d08-49d7-8428-076b91639082
No proposal has enough approvals, you should concat with other committee members for more approvals
Available proposals:
Proposal ID: 49eef4c6-c62e-43c2-9747-f3eb79e98c5f, Reason: I think this message is dangerous, threshould: 4, approved members:
Approving a proposal uses age to decrypt the content with the member's SSH private key. age is an alternative to gpg and can work with SSH keys.
You can install age with:
go install filippo.io/age/cmd/...@latest
# notice that alice doesn't approve the proposal
export PROPOSAL_ID=49eef4c6-c62e-43c2-9747-f3eb79e98c5f
for name in 'bob' 'carol' 'dave' 'eve'; do
  dodo decrypt-proposal get-encrypted-slice --proposal-id "$PROPOSAL_ID" --member-name "$name" |
    age -d -i "./$name" |
    dodo decrypt-proposal approve --proposal-id "$PROPOSAL_ID"
done
❯ dodo decrypt-proposal inspect --proposal-id 49eef4c6-c62e-43c2-9747-f3eb79e98c5f
Proposal ID: 49eef4c6-c62e-43c2-9747-f3eb79e98c5f
Proposal Reason: I think this message is dangerous
Record ID: af84039a-6d08-49d7-8428-076b91639082
Record Description:
Committee: dodo
Approve Committee Members: bob, carol, dave, eve
❯ dodo record decrypt --record-id af84039a-6d08-49d7-8428-076b91639082
Decrypted record: STRRL is a lazy guy
cd ../
rm -rf try-dodo
rm -rf ~/.dodo
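The 4-of-5 threshold behaviour from the walkthrough, as an added Go example that is not dodo's own code: a Shamir split and recovery over a prime field, with share indices 1..5 standing in for alice..eve. The field modulus and the function names are assumptions of this example, and the per-member age encryption of each share is left out.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// prime is the field modulus 2^521 - 1; the secret must be smaller than it.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Interpolate evaluates at x the polynomial through pts (Lagrange, mod prime).
func Interpolate(pts map[int64]*big.Int, x int64) *big.Int {
	sum := new(big.Int)
	for xi, yi := range pts {
		num, den := new(big.Int).Set(yi), big.NewInt(1)
		for xj := range pts {
			if xj != xi {
				num.Mul(num, big.NewInt(x-xj))
				den.Mul(den, big.NewInt(xi-xj))
			}
		}
		sum.Add(sum, num.Mul(num, den.ModInverse(den, prime))).Mod(sum, prime)
	}
	return sum
}

// Split fixes f(0) = secret plus threshold-1 random points, which is the same
// as drawing random coefficients, and hands member x the share f(x), x = 1..n.
func Split(secret *big.Int, n, threshold int) map[int64]*big.Int {
	pts := map[int64]*big.Int{0: secret}
	for x := int64(1); x < int64(threshold); x++ {
		y, err := rand.Int(rand.Reader, prime)
		if err != nil {
			panic(err) // without a working CSPRNG no shares may be issued
		}
		pts[x] = y
	}
	shares := map[int64]*big.Int{}
	for x := int64(1); x <= int64(n); x++ {
		shares[x] = Interpolate(pts, x)
	}
	return shares
}

func main() {
	shares := Split(new(big.Int).SetBytes([]byte("STRRL is a lazy guy")), 5, 4)
	delete(shares, 1) // alice (x=1) withholds approval; bob..eve still suffice
	fmt.Printf("%s\n", Interpolate(shares, 0).Bytes())
}
```

With only three shares, `Interpolate(shares, 0)` still returns a value, but it is an unrelated field element rather than the message, which is why a below-threshold proposal reveals nothing.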