Allow a file to be decrypted when and only when you die.
MIT License
Under heavy development, no backward compatibility is guaranteed. Please use the same version for encryption & decryption. Do not use in production.
A successful decryption of a monument-encrypted file requires all the following conditions to be true:
At encryption, monument generates a new PGP keypair, encrypts your file and splits the private key using Shamir's Secret Sharing Algorithm. You can designate how many people you will give one key to, and how many people are required to finally decrypt your file. You will receive n keys, one for every person, plus m keys to put into your DMS service.
After encryption, you need to set up your DMS service so that it will send all m keys to each of the n people, tell them about your death, and tell them how to contact each other.
When you die and the DMS service successfully triggers, if k out of the n people manage to get in contact, they will have k + m keys in total, which will allow monument to finally decrypt your secret file.
For example, if you have 5 people to give keys to, and 3 of them are required to decrypt the secret:
monument encrypt --name "Your Legal Name" --email "[email protected]" --people 5 --decryptable 3 --file secret-message.txt --output out
All the files required for decryption will be put into the out directory. You need to:
public/secret-message.txt.gpg to a place where it will be available even if you die
secret/shares_for_death_switch.txt to your DMS service
secret/shares_for_people.txt, one key per person
secret-message.txt file and all the keys in secret/*
First download the encrypted secret-message.txt.gpg. Then run monument to start the decryption phase:
monument decrypt --file secret-message.txt.gpg
Monument will then ask you for the keys you gathered. Paste one key per line. If the keys are correct, the secret will be revealed.