Added Funding

.github/FUNDING.yml

@@ -0,0 +1,7 @@
+github: kevinveenbirkenbach
+
+patreon: kevinveenbirkenbach
+
+buy_me_a_coffee: kevinveenbirkenbach
+
+custom: https://s.veen.world/paypaldonate

.gitignore

@@ -1 +1,2 @@
 __pycache__
+INSTRUCTIONS.md

README.md

@@ -0,0 +1,95 @@
+# Split Secret (sisec) 🔐
+[![GitHub Sponsors](https://img.shields.io/badge/Sponsor-GitHub%20Sponsors-blue?logo=github)](https://github.com/sponsors/kevinveenbirkenbach) [![Patreon](https://img.shields.io/badge/Support-Patreon-orange?logo=patreon)](https://www.patreon.com/c/kevinveenbirkenbach) [![Buy Me a Coffee](https://img.shields.io/badge/Buy%20me%20a%20Coffee-Funding-yellow?logo=buymeacoffee)](https://buymeacoffee.com/kevinveenbirkenbach) [![PayPal](https://img.shields.io/badge/Donate-PayPal-blue?logo=paypal)](https://s.veen.world/paypaldonate)
+
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE) [![GitHub stars](https://img.shields.io/github/stars/kevinveenbirkenbach/split-secret.svg?style=social)](https://github.com/kevinveenbirkenbach/split-secret/stargazers)
+
+Split Secret is a versatile command-line tool for securely splitting a master secret among multiple users. Only when a defined quorum of users combines their secret shares can the original secret be decrypted. The tool also supports robust encryption, decryption, and cleanup operations to ensure sensitive data is managed securely throughout the process.
+
+---
+
+## 🛠 Features
+
+- **Secret Splitting:** Divide a master secret into shares distributed among users.
+- **Encryption & Decryption:** Securely encrypt and decrypt data files using strong cryptographic methods.
+- **User Management:** Add and manage user information along with their secret shares.
+- **Cleanup Operations:** Remove decrypted files after processing to maintain security.
+- **Interactive Modes:** Operate in active, preview, or interactive modes to match your workflow.
+- **Parallel Processing:** Efficiently handles file operations using process pooling.
+
+---
+
+## 📥 Installation
+
+Install Split Secret via [Kevin's Package Manager](https://github.com/kevinveenbirkenbach/package-manager) under the alias `sisec`:
+
+```bash
+package-manager install sisec
+```
+
+This command installs Split Secret globally, making it available as `sisec` in your terminal. 🚀
+
+---
+
+## 🚀 Usage
+
+Split Secret offers several modes for managing your secrets. Here are a few example commands:
+
+### Cleanup Data
+To delete all unnecessary decrypted and encrypted files:
+```bash
+sisec --mode cleanup
+```
+
+### Encrypt Data & Generate Meta Data
+Encrypt the master secret file and generate encrypted metadata with additional user information:
+```bash
+sisec --secret-holders-amount 3 --quota 50 --mode encrypt --add-user-information --master-password "your_master_password" --meta --add-user-information << EOL
+Alan Turing
++12358
+turing@turing-bomb.world
+Bletchley Park
+¯\_(ツ)_/¯
+Ada Lovelace
++132134
+best@algorythm.ai
+Somewhere in London
+:)
+John von Neumann
++5488142
+test@test3.de
+Washington D.C.
+<3 <3 <3
+EOL
+```
+
+### Decrypt Meta Data File
+To decrypt the accumulated metadata file:
+```bash
+sisec --mode decrypt --meta
+```
+
+For additional commands and options (such as user-specific decryption, file type filtering, or recursive processing), use:
+```bash
+sisec --help
+```
+
+---
+
+## 🧑‍💻 Author
+
+Developed by **Kevin Veen-Birkenbach**  
+- 📧 [kevin@veen.world](mailto:kevin@veen.world)  
+- 🌐 [https://www.veen.world](https://www.veen.world)
+
+---
+
+## 📜 License
+
+This project is licensed under the **MIT License**.
+
+---
+
+## 🤝 Contributions
+
+Contributions are welcome! Please feel free to fork the repository, submit pull requests, or open issues if you have suggestions or encounter any problems. Let's work together to make secure secret management accessible and efficient! 😊

Readme.md

@@ -1,66 +0,0 @@
-# Splitted Secret
-The purpose of this software is to splitt a secret over multiple people. Just if a defined amount of this people meet together they can encrypt the secret and have access to it. 
-
-# testing
-```bash 
-python scripts/main.py --mode cleanup && 
-echo "werewrw" > data/decrypted/main_data/test123.txt
-echo "werewrw" > data/decrypted/main_data/test124.txt
-mkdir data/decrypted/main_data/folder
-echo "werewrw" > data/decrypted/main_data/folder/test124.txt
-
-python scripts/main.py --amount 3 --quota 50 --mode encrypt --add-user-information --master-password "ewrwerwerew"  << END_OF_INPUTS
-alpha bravo
-123123812908
-asfdasd@asdskjd.de
-street in straat
-charlie delta
-1888888
-sadasfdasd@asdskjd.de
-street in strutt
-echo2 foxtrott
-99999999
-asfdasd@sdskjd.de
-street in strasdlasöd
-END_OF_INPUTS
-python scripts/main.py --mode decrypt --master-password "ewrwerwerew" 
-
-
-python scripts/main.py --mode cleanup --file-types decrypted && 
-python scripts/main.py --mode decrypt --user "1" --user-password "Y4GYTEW80SCQQDTIKOJ6YNCIP6MBBEM68SCKBAA1VWAQFRSPNGHEBKHSFZQENDRB" << END_OF_INPUTS
-2
-VGCQPW2LIKJ7SDFFLUZXBXGFPZ6L8RGPTS7TLCNN9GLR82RPHRSN34YZUXF0L27V
-END_OF_INPUTS
-```
-# Requirements to know
-- Amount of People
-- How much people need to reunite for decrypting
-
-# Requirements to implement
-- Plattform independend
-- easy to use
-
-# required software
-```bash 
-    pip install numpy
-    gpg
-    ecryptfs-utils 
-    ecryptfs-simple
-    python
-    pip
-```
-
-## todo 
-- implement tails setup script
-- add data-input attribut
-- add data-output attribut
-- write scenario test
-
-## Further Information
-- https://www.tutorialspoint.com/python/python_command_line_arguments.htm
-- https://docs.python.org/3/library/argparse.html#module-argparse
-- https://wiki.ubuntuusers.de/GoCryptFS/
-- https://pynative.com/python-generate-random-string/
-- https://www.studimup.de/abitur/stochastik/anzahl-der-m%C3%B6glichketen-berechnen-kombinatorik/
-- https://numpy.org/doc/stable/reference/generated/numpy.base_repr.html?highlight=base_repr#numpy.base_repr
-- https://linuxconfig.org/how-to-create-compressed-encrypted-archives-with-tar-and-gpg

data/encrypted/user_files/.gitignore

@@ -1 +1 @@
-*.gpg
+*.json.pgp

requirements.txt

@@ -0,0 +1,2 @@
+pacman -S gpg tar python pip python-pip
+pip install numpy

scripts/classes/Cleanup.py

@@ -5,12 +5,15 @@ class Cleanup():
         self.cli = cli
         self.paths = paths
     
-    def getAllFilePaths(self,file_type):
-        all_file_paths = [
+    def getMetaFilePaths(self,file_type):    
+        return [
             self.paths.getGroupFilesFolderPath(file_type),
-            self.paths.getUserFilesFolderPath(file_type),
+            self.paths.getUserFilesPath(file_type),
             self.paths.getAccumulatedFilePath(file_type)
         ]
+    
+    def getAllFilePaths(self,file_type):
+        all_file_paths = self.getMetaFilePaths(file_type)
         if file_type == Paths.TYPE_DECRYPTED:
             all_file_paths.append(self.paths.getDecryptedMainDataStandartFolder())
         return all_file_paths
@@ -19,7 +22,7 @@ class Cleanup():
         try:
             self.cli.executeCommand('rm -r ' + folder_path + '*')
         except Exception as error:
-            print(error)
+            pass
     
     def cleanupFiles(self,file_type):
         for folder_path in self.getAllFilePaths(file_type):
@@ -29,9 +32,13 @@ class Cleanup():
         try:
             self.cli.executeCommand('find "' + self.paths.getDataFolderPath(Paths.TYPE_ENCRYPTED) + '" -not -name "*' + str(user) +'*" -type f -print | xargs rm -v')   
         except Exception as error:
-            print(error)
+            pass
         self.cleanupFiles(Paths.TYPE_DECRYPTED)
 
+    def cleanupMetaData(self,file_type):
+        for folder_path in self.getMetaFilePaths(file_type):
+            self.deleteAllFilesInFolder(folder_path)
+
     def deleteAll(self):
         self.cleanupFiles(Paths.TYPE_ENCRYPTED)
         self.cleanupFiles(Paths.TYPE_DECRYPTED)

scripts/classes/Decryption.py

@@ -1,5 +1,10 @@
 import json
+import os
 from pathlib import Path
+import shlex
+
+class AutomaticIdentificationImpossibleException(Exception):
+    pass
 
 class Decryption():
     
@@ -9,6 +14,18 @@ class Decryption():
         self.cli = cli
         self.paths = paths
     
+    def identifyUser(self):
+        file_type = self.paths.TYPE_ENCRYPTED
+        file_names = next(os.walk(self.paths.getUserFilesPath(file_type)), (None, None, []))[2]
+        users = []
+        user_file_suffix = self.paths.getUserFileSuffix(file_type)
+        for file in file_names:
+            if user_file_suffix in file:
+                users.append(file.replace(user_file_suffix, ''))
+        if len(users) < 2:
+            return users[0]
+        raise AutomaticIdentificationImpossibleException()        
+            
     def initializeUser(self,user_id):
         self.user_id=str(user_id)
         self.user_file_decrypted_path = self.paths.getUserFilePath(self.user_id,self.paths.TYPE_DECRYPTED)
@@ -19,12 +36,18 @@ class Decryption():
         self.initializeNeededDecryptersAmount()
         self.initializeValidDecrypterIds()
     
+    def getEscapedMasterPassword(self):
+        return shlex.quote(self.master_password)
+    
     def initializeGroupDataEncryption(self):
         self.group_name = self.getDecryptersGroupName()
         self.encrypted_group_file_path = self.paths.getGroupFilePath(self.group_name, self.paths.TYPE_DECRYPTED)
         self.decryptGroupFile()
         self.master_password = self.loadTxtFile(self.encrypted_group_file_path).strip()
 
+    def getMasterPassword(self):
+        return self.master_password
+
     def initializeNeededDecryptersAmount(self):
         self.needed_decrypters_amount = len(str(list(self.user_data['groups'].keys())[0]))
     
@@ -54,9 +77,6 @@ class Decryption():
             shared_password += str(self.password_parts[password_share_index])
         return shared_password
     
-    def getMasterPassword(self):
-        return self.master_password
-    
     def addDecrypterId(self,decrypter_id):
         decrypter_id = int(decrypter_id)
         if decrypter_id not in self.valid_decrypter_ids:
@@ -98,7 +118,7 @@ class Decryption():
         return data
     
     def decryptFile(self,password,input_file_path,output_file_path):
-        self.cli.executeCommand('gpg --batch --passphrase "'+ password + '" -o "' + output_file_path +'" "'+ input_file_path+'"')
+        self.cli.executeCommand('gpg --batch --passphrase '+ shlex.quote(password)  + ' -o "' + output_file_path +'" "'+ input_file_path+'"')
     
     def decryptUserFile(self):
         input_file_path = self.paths.getUserFilePath(self.user_id,self.paths.TYPE_ENCRYPTED)
@@ -114,4 +134,4 @@ class Decryption():
         self.decryptFile(self.user_password, input_file_path, output_file_path)
     
     def decryptMainData(self):
-        self.cli.executeCommand('gpg --batch --passphrase "' + self.getMasterPassword() + '" -d "' + self.paths.getEncryptedMainDataFile() + '" | tar --one-top-level="' + self.paths.getDecryptedMainDataStandartFolder() + '" -xvzf -')
+        self.cli.executeCommand('gpg --batch --passphrase ' + shlex.quote(self.getMasterPassword()) + ' -d "' + self.paths.getEncryptedMainDataFile() + '" | tar --one-top-level="' + self.paths.getDecryptedMainDataStandartFolder() + '" -xvzf -')

scripts/classes/Encryption.py

@@ -5,6 +5,7 @@ import numpy
 import re
 import json
 from .Paths import Paths
+import shlex
 
 class Encryption():
     
@@ -40,10 +41,10 @@ class Encryption():
         self.user_mapped_data[user_id]['about'][label] = content;
 
     def getCoSecretHoldersRange():
-        return range(Encryption.MINIMUM_SECRET_HOLDERS,Encryption.MAXIMUM_SECRET_HOLDERS)
+        return range(Encryption.MINIMUM_SECRET_HOLDERS,(Encryption.MAXIMUM_SECRET_HOLDERS+1))
 
     def getSecretHoldersRange():
-        return range(1,Encryption.MAXIMUM_SECRET_HOLDERS)
+        return range(1,(Encryption.MAXIMUM_SECRET_HOLDERS+1))
             
     def getStartnumber(self):
         index = 0
@@ -84,7 +85,7 @@ class Encryption():
     def compileData(self):
         self.compileContacts()
         index = self.getStartnumber()
-        while index < self.getEndnumber():
+        while index <= self.getEndnumber():
             password_group_name = ''.join(sorted(str(index)))
             if self.isGroupValid(password_group_name):
                 password_group_index_int = int(password_group_name)
@@ -104,7 +105,7 @@ class Encryption():
             index += 1
             
     def encryptStringToFile(self,text,output_file,password):
-        self.cli.executeCommand('echo \'' + text + '\' | gpg --symmetric --armor --batch --passphrase "' + password + '" -o "' + output_file + '"')
+        self.cli.executeCommand('echo ' + shlex.quote(text) + ' | gpg --symmetric --armor --batch --passphrase ' + shlex.quote(password) + ' -o "' + output_file + '"')
     
     def encryptGroupFiles(self):
         for password_group_index_int in self.group_mapped_data:
@@ -120,17 +121,33 @@ class Encryption():
             data=self.user_mapped_data[user_id]
             password=self.user_mapped_data[user_id]['user_password']
             self.encryptToJsonFile(data,file_path,password)
+    '''
+    This saving as decrypted file is necessary due to the reason that the shell can't deal with unlimited string length.
+    See: https://stackoverflow.com/questions/30650841/why-am-i-getting-errno-7-argument-list-too-long-and-oserror-errno-24-too-ma
+    '''
+    def encryptFileToFile(self,input_file,output_file,password):
+        self.cli.executeCommand('cat \'' + input_file + '\' | gpg --symmetric --armor --batch --passphrase ' + shlex.quote(password) + ' -o "' + output_file + '"')
+    
+    def deleteDecryptedAccumulatedFile(self):
+        self.cli.executeCommand('rm ' + self.paths.getAccumulatedFilePath(Paths.TYPE_DECRYPTED))
+    
+    def saveDecryptedAccumulatedFile(self):
+        file_path=self.paths.getAccumulatedFilePath(Paths.TYPE_DECRYPTED)
+        data={"user_mapped": self.user_mapped_data, "group_mapped": self.group_mapped_data}
+        with open(file_path, 'w') as file:
+            json.dump(data, file)
         
     def encryptAccumulatedFile(self):
-        file_path=self.paths.getAccumulatedFilePath(Paths.TYPE_ENCRYPTED)
-        data={"user_mapped": self.user_mapped_data, "group_mapped": self.group_mapped_data}
-        self.encryptToJsonFile(data,file_path,self.master_password)
+        self.saveDecryptedAccumulatedFile()
+        encrypted_file_path=self.paths.getAccumulatedFilePath(Paths.TYPE_ENCRYPTED)
+        decrypted_file_path=self.paths.getAccumulatedFilePath(Paths.TYPE_DECRYPTED)
+        self.encryptFileToFile(decrypted_file_path,encrypted_file_path,self.master_password)
+        self.deleteDecryptedAccumulatedFile()
         
-    def encryptMainData(self):
-        self.cli.executeCommand('tar -C"' + self.paths.getDecryptedMainDataStandartFolder() + '" -cvzf - ./ | gpg -c --batch --passphrase "' + self.master_password +'" > "' + self.paths.getEncryptedMainDataFile() + '"')
+    def encryptMainData(self,input_directory):
+        self.cli.executeCommand('tar -C"' + input_directory + '" -cvzf - ./ | gpg -c --batch --passphrase ' + shlex.quote(self.master_password) + ' > "' + self.paths.getEncryptedMainDataFile() + '"')
     
-    def encryptAll(self):
+    def encryptMetaData(self):
         self.encryptUserFile()
-        self.encryptAccumulatedFile()
         self.encryptGroupFiles()
-        self.encryptMainData()
+        self.encryptAccumulatedFile()

scripts/classes/Paths.py

@@ -16,7 +16,7 @@ class Paths():
     def getGroupFilesFolderPath(self,folder_type):
         return self.getDataFolderPath(folder_type) + "group_files/"
     
-    def getUserFilesFolderPath(self,folder_type):
+    def getUserFilesPath(self,folder_type):
         return self.getDataFolderPath(folder_type) + "user_files/"
     
     def getEncryptedMainDataFile(self):
@@ -30,8 +30,11 @@ class Paths():
             return '.gpg'
         return ''
 
+    def getUserFileSuffix(self,file_type):
+        return '.json' + self.getFileExtension(file_type)
+    
     def getUserFilePath(self,user_id,file_type):
-        return self.getUserFilesFolderPath(file_type)+user_id+'.json' + self.getFileExtension(file_type);
+        return self.getUserFilesPath(file_type) + user_id + self.getUserFileSuffix(file_type);
     
     def getGroupFilePath(self,group_id,file_type):
         return self.getGroupFilesFolderPath(file_type) + str(group_id) + '.txt' + self.getFileExtension(file_type);

scripts/main.py

@@ -1,7 +1,7 @@
 import argparse
 from classes.Encryption import Encryption
 from classes.Cleanup import Cleanup
-from classes.Decryption import Decryption
+from classes.Decryption import Decryption, AutomaticIdentificationImpossibleException
 from getpass import getpass
 import traceback
 from classes.Cli import Cli
@@ -33,15 +33,20 @@ try:
         parser = argparse.ArgumentParser()
         parser.add_argument('--mode',type=str, dest='mode',required=True,choices=['cleanup','encrypt','decrypt'])
         parser.add_argument('--file-types',type=str, dest='file_types',required=False,choices=[Paths.TYPE_DECRYPTED, Paths.TYPE_ENCRYPTED])
-        parser.add_argument('--amount',type=int, dest='amount_of_secret_holders',required=False,choices=Encryption.getCoSecretHoldersRange())
+        parser.add_argument('--secret-holders-amount',type=int, dest='amount_of_secret_holders',required=False,choices=Encryption.getCoSecretHoldersRange(),help="Needed for creating of encryption meta data.")
         parser.add_argument('--quota', type=int, dest='decryption_quota', choices=range(1,101),required=False)
         parser.add_argument('--master-password',type=str, dest='master_password',required=False)
         parser.add_argument('--user-password',type=str, dest='user_password',required=False)
         parser.add_argument('--user',type=int, dest='user',choices=Encryption.getSecretHoldersRange(),required=False)
-        parser.add_argument('--add-user-information',type=bool, dest='add_user_information', default=False, required=False, action=argparse.BooleanOptionalAction)
+        parser.add_argument('--add-user-information',type=bool, dest='add_user_information', default=False, required=False, action=argparse.BooleanOptionalAction, help="Add additional information to users.")
+        parser.add_argument('--input-directory',type=str,dest='input_directory',required=False, help="The directory from which the data should be encrypted.")
+        parser.add_argument('--meta-data',type=bool, dest='meta_data', default=False, required=False, action=argparse.BooleanOptionalAction, help="When mode is encrypt and this flag is set, the encrypted meta data is created. When mode is decrypt and this flag is set the accumulated file will be decrypted.")
         args = parser.parse_args()
 
         print("Application started.")
+        print("To leave the appplication use the key kombination: <<Ctr>> + <<Alt>> + <<C>>")
+        print("Cleaning up all decrypted files.")
+        cleanup.cleanupFiles(Paths.TYPE_DECRYPTED)
         print("Selected Mode: " + args.mode)
         
         if args.mode == 'cleanup':   
@@ -60,10 +65,27 @@ try:
             
         if args.mode == 'decrypt':
             decrypt = Decryption(cli,paths)
+            if args.meta_data is True:
                 if args.master_password is None:
+                    print("Enter the master password:")
+                    master_password = getpass()
+                else:
+                    master_password = args.master_password
+                decrypt = Decryption(cli,paths)
+                print("Decrypting accumulated data.")
+                decrypt.setUserPassword(master_password)
+                decrypt.decryptAccumulatedFile()
+                dirty_exit()
             if args.user is None:
+                try:
+                    print("Attempt to identify user.") 
+                    user_id = decrypt.identifyUser()
+                    print("The user id is: " + user_id)
+                except:
+                    print("A automatic user id identification wasn't possible.")
                     print("Type in the user id:")
-                    decrypt.initializeUser(input())
+                    user_id = input()
+                decrypt.initializeUser(user_id)
             else:
                 decrypt.initializeUser(args.user)
             if args.user_password is None:
@@ -127,11 +149,7 @@ try:
                     print("An unexpected error occured: \n" + traceback.format_exc())
             print("Decrypting main data.")
             decrypt.decryptMainData()
-                print("All data decrypted.")
-                dirty_exit()
-            print("Decrypting accumulated data.")
-            decrypt.setUserPassword(args.master_password)
-            decrypt.decryptAccumulatedFile()
+            print("The data was decrypted to: " + paths.getDecryptedMainDataStandartFolder())
             dirty_exit()
         
         if args.mode == 'encrypt':
@@ -141,13 +159,20 @@ try:
             else:
                 master_password = args.master_password
             encrypt = Encryption(cli,paths,args.amount_of_secret_holders, args.decryption_quota, master_password)
-            if args.add_user_information is not None:
+            if args.add_user_information is True:
                 for user_id in encrypt.user_mapped_data:
-                    for label in ['name','phone','email','address']:
+                    for label in ['name','phone','email','address','notes']:
                         print("Enter attribut <<" + label + ">> for user <<" + user_id+ ">>:" )
                         encrypt.addInformationToUser(user_id, label, str(input()))
             encrypt.compileData()
-            encrypt.encryptAll()
+            if args.meta_data is True:
+                print('Cleaning up encrypted meta data.')
+                cleanup.cleanupMetaData(Paths.TYPE_ENCRYPTED)
+                print("Create and encrypt meta data.")
+                encrypt.encryptMetaData()
+            if args.input_directory is not None:
+                print("Encrypt main data.")
+                encrypt.encryptMainData(args.input_directory)
             dirty_exit()
 except KeyboardInterrupt:
     print("Program interrupted by user.")