secretfsA secret sharing filesystem

A secret sharing filesystem

Bazaar-NG Branch
Archive version
Bazaar-NG archive format 2a
Software assumptions
bzr, GCC, Make, libfuse, libgfshare

Quick explanation

This filesystem allows you to combine secrets made by libgfshare spliting a secret into shares. In particular this filesystem supports some of the shares appearing/vanishing and copes by marking files unreadable until all the shares are readable.

Example use-case for secretfs

Your SSH private key (id_rsa) is split into a 2-of-N share and one share is placed on your laptop and one on a USB stick. You want your laptop to always have id_rsa available if the USB key is inserted. You create a secretfs root and mount point and mount it. You place one share into the root and a symlink to where the USB key's share will appear. When the USB share is available, a readable id_rsa turns up in the mount point. You then symlink that into your .ssh directory and thus when your USB stick is present, you can ssh with your key.

The nitty-gritty

Each shared element must have a symlink (or have the share present) with the filename myfilename.NNN where the 'NNN' is the share number in each case. (Exactly how the gfsplit tool produces its output) Note that secretfs does not support subdirectories and it's not massively predictable what happens if the shares aren't all the same size.

The filesystem will create a node for filename in the mount point. If all of the shares are readable then the file will have the owner-read bit set, otherwise it will have no mode bits set.

If you want to get it from the bzr branch:

# Assuming you have bzr etc.
$ bzr branch secretfs
# ... time passes as stuff is downloaded.
$ cd secretfs
$ make
# ... time passes as the filesystem is built.