README
¶
cryptkey
Cryptkey uses Shamir's Secret Sharing to protect encryption keys behind multiple authentication providers. You choose which providers to enroll — hardware security keys, passphrases, recovery codes, SSH keys — and only a threshold of them is needed to reconstruct your key.
No single provider compromise reveals the key. No single provider loss locks you out.
Quick Start
# Install via distillery (https://dist.sh) — portable static binary from
# GitHub releases, no Go toolchain or libfido2 needed at runtime.
dist install ekristen/cryptkey
# Launch the TUI and enroll providers into the "default" profile.
# Enroll at least 3 so any 2 can unlock — e.g. two passphrases plus a
# recovery code, or a FIDO2 key plus a passphrase plus a recovery code.
# Omitting the profile name uses "default" for every cryptkey command.
cryptkey init
# Derive the key — authenticate with any threshold of providers
cryptkey derive
# Pipe the key to another tool on stdin (preferred over --env)
cryptkey derive --raw -- my-tool --key-file /dev/stdin
# List profiles
cryptkey list
# Show profile details
cryptkey info
Pass a name (e.g. cryptkey init work) when you want more than one profile.
Other install options (direct binary download, go install, source build) — see the Getting Started guide.
Providers
| Provider | Type | Description |
|---|---|---|
| FIDO2 | fido2 |
Hardware security key (YubiKey, SoloKey, etc.) via hmac-secret |
| Passkey | passkey |
Browser-based WebAuthn passkey with PRF extension |
| Passphrase | passphrase |
Argon2id-derived key from a memorized passphrase |
| Recovery Code | recovery |
One-time generated code — print and store safely |
| SSH Key | sshkey |
Secret derived from an existing SSH private key |
| SSH Agent | ssh-agent |
Secret derived from SSH agent signing (Ed25519 only) |
| TPM | tpm |
TPM 2.0 sealed secret (Linux only) |
| Secure Enclave | secure-enclave |
Not supported — macOS only, no plans to implement |
Note: Secure Enclave access on macOS requires a provisioning profile. Bare CLI binaries have no way to obtain a provisioning profile to access the Secure Enclave — the CLI would need to be wrapped in an app bundle. There are no plans to ship a version packaged this way.
How It Works
- Each provider produces a 32-byte secret from its own key material
- A random master key is split into shares using Shamir's Secret Sharing
- Each share is encrypted with its provider's secret (AES-256-GCM via HKDF-SHA256)
- Only the encrypted shares and metadata are stored — the master key is never saved
To unlock: authenticate with enough providers to meet the threshold, decrypt their shares, and recombine.
Building
# Default: fully-static portable binary for the current OS (matches releases)
make
# Fast dev build with dynamic linking (requires libfido2-dev at build time)
make build
# Run tests
make test
See Static Builds for the full toolchain story.
Documentation
Full documentation is available at ekristen.github.io/cryptkey or can be served locally:
make docs-serve
Security
- Master key is never stored on disk
- Shares are encrypted with AES-256-GCM
- Profile integrity is verified with HMAC-SHA256
- Secrets are explicitly zeroed in memory after use
- Passphrases are stretched with Argon2id (64 MiB, 3 iterations)
See Security Model for the full threat model and cryptographic details.
License
See LICENSE for details.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
pkg
|
|
|
commands/rekey
Package rekey implements the `cryptkey rekey` command, which rebuilds a profile's Shamir share set under a new (n', t') and provider list while preserving the existing master key and output salt.
|
Package rekey implements the `cryptkey rekey` command, which rebuilds a profile's Shamir share set under a new (n', t') and provider list while preserving the existing master key and output salt. |
|
config
Package config handles reading and writing cryptkey profile files.
|
Package config handles reading and writing cryptkey profile files. |
|
crypto
Package crypto provides cryptographic primitives for cryptkey: HKDF-SHA256 key derivation and AES-256-GCM authenticated encryption of Shamir shares.
|
Package crypto provides cryptographic primitives for cryptkey: HKDF-SHA256 key derivation and AES-256-GCM authenticated encryption of Shamir shares. |
|
crypto/hkdfinfo
Package hkdfinfo is the central registry of HKDF info strings used throughout cryptkey.
|
Package hkdfinfo is the central registry of HKDF info strings used throughout cryptkey. |
|
crypto/keyformat
Package keyformat converts raw 32-byte derived keys into structured cryptographic key formats (age identities, OpenSSH ed25519 keys).
|
Package keyformat converts raw 32-byte derived keys into structured cryptographic key formats (age identities, OpenSSH ed25519 keys). |
|
crypto/shamir
Package shamir implements Shamir's Secret Sharing over GF(256).
|
Package shamir implements Shamir's Secret Sharing over GF(256). |
|
enrollment
Package enrollment contains the shared logic for enrolling providers and building a cryptkey profile.
|
Package enrollment contains the shared logic for enrolling providers and building a cryptkey profile. |
|
progress
Package progress provides structured status reporting for the derive flow.
|
Package progress provides structured status reporting for the derive flow. |
|
provider
Package provider defines the interface for cryptkey authentication providers.
|
Package provider defines the interface for cryptkey authentication providers. |
|
provider/fido2
Package fido2 implements a provider that derives a 32-byte secret from a FIDO2 hardware key using the hmac-secret extension.
|
Package fido2 implements a provider that derives a 32-byte secret from a FIDO2 hardware key using the hmac-secret extension. |
|
provider/passkey
Package passkey implements a provider that uses the WebAuthn PRF extension via the user's browser to derive a deterministic 32-byte secret from a passkey (platform authenticator, security key, or cross-device via phone).
|
Package passkey implements a provider that uses the WebAuthn PRF extension via the user's browser to derive a deterministic 32-byte secret from a passkey (platform authenticator, security key, or cross-device via phone). |
|
provider/passphrase
Package passphrase implements a provider that derives a 32-byte secret from a user-supplied passphrase using Argon2id.
|
Package passphrase implements a provider that derives a 32-byte secret from a user-supplied passphrase using Argon2id. |
|
provider/piv
Package piv implements a provider that derives a 32-byte secret from a PIV-compatible hardware token (e.g., YubiKey) using the go-piv library.
|
Package piv implements a provider that derives a 32-byte secret from a PIV-compatible hardware token (e.g., YubiKey) using the go-piv library. |
|
provider/recovery
Package recovery implements a provider that generates a high-entropy recovery code, displays it once, and derives a 32-byte secret from it via Argon2id.
|
Package recovery implements a provider that generates a high-entropy recovery code, displays it once, and derives a 32-byte secret from it via Argon2id. |
|
provider/sshagent
Package sshagent implements a provider that derives a 32-byte secret by having the SSH agent sign a deterministic challenge.
|
Package sshagent implements a provider that derives a 32-byte secret by having the SSH agent sign a deterministic challenge. |
|
provider/sshkey
Package sshkey implements a provider that derives a 32-byte secret from an SSH private key.
|
Package sshkey implements a provider that derives a 32-byte secret from an SSH private key. |
|
provider/tpm
Package tpm implements a provider that derives a 32-byte secret using a TPM 2.0 HMAC key.
|
Package tpm implements a provider that derives a 32-byte secret using a TPM 2.0 HMAC key. |
|
timeout
Package timeout provides a context-based timeout wrapper with Enter-to-skip and Escape/Ctrl+C support via /dev/tty for hardware provider derivation.
|
Package timeout provides a context-based timeout wrapper with Enter-to-skip and Escape/Ctrl+C support via /dev/tty for hardware provider derivation. |
Click to show internal directories.
Click to hide internal directories.