Installed Rust using brew install rust on macOS Catalina and ran cargo install --git https://github.com/dsprenkels/sss-cli --branch v0.1.

Following error is thrown:

  = note: Undefined symbols for architecture x86_64:
            "_crypto_secretbox_xsalsa20poly1305_tweet", referenced from:
                shamirsecretsharing_cli::crypto_secretbox::hec24fa59a0001d22 in libshamirsecretsharing_cli-d5d35100b5254f45.rlib(shamirsecretsharing_cli-d5d35100b5254f45.shamirsecretsharing_cli.8d6pcdmd-cgu.0.rcgu.o)
          ld: symbol(s) not found for architecture x86_64
          clang: error: linker command failed with exit code 1 (use -v to see invocation)

New to Rust, so might be missing something obvious.

Like:

• Write down the version number with the shares
• Think about your n/k parameters

We should test a couple of things:

• Create-shares/combine-shares give expected results (8a83873).
• Recombination failure gives a proper error code.
• Fails fail as expected and give the correct error codes (8a83873).
• App can decode shares generated by https://dsprenkels.com/sss/ (8a83873).

Currently, this library does not need a lot of command line parsing features and clap takes makes the binaries a couple of factors larger in size. We should switch to using getopts instead.

Obviously this issue has low priority.

Hex is a pretty inefficient format. We should support Base64 s.t. the shares are shorter.

We should support recombination of key shares. I think there are two options here:

1. Automatically combine key shares if the input shares are too short.
2. Add a --keyshares option which will activate the keyshare restoration.

TL;DR

To fix this error, run rustup update to get the latest Rust toolchains installed.

Details

I actually solved this problem and just wanted to document it for anyone in the future.

Original Error

cargo install --git https://github.com/dsprenkels/sss-cli --branch v0.1

Updating git repository https://github.com/dsprenkels/sss-cli
Installing shamirsecretsharing-cli v0.1.1 (https://github.com/dsprenkels/sss-cli?branch=v0.1#d327af9d)
Updating crates.io index
Compiling libc v0.2.121
Compiling cfg-if v1.0.0
Compiling getrandom v0.1.16
Compiling memchr v2.4.1
Compiling cc v1.0.73
Compiling log v0.4.14
Compiling unicode-width v0.1.9
Compiling ppv-lite86 v0.2.16
Compiling regex-syntax v0.6.25
Compiling quick-error v1.2.3
Compiling ansi_term v0.12.1
Compiling bitflags v1.3.2
Compiling strsim v0.8.0
Compiling termcolor v1.1.3
Compiling humantime v1.3.0
Compiling textwrap v0.11.0
Compiling aho-corasick v0.7.18
Compiling atty v0.2.14
Compiling clap v2.34.0
Compiling rand_core v0.5.1
Compiling rand_chacha v0.2.2
error[E0658]: if is not allowed in a const fn
--> ~/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-2.34.0/src/app/settings.rs:7:1
|
7 | / bitflags! {
8 | | struct Flags: u64 {
9 | | const SC_NEGATE_REQS = 1;
10 | | const SC_REQUIRED = 1 << 1;
... |
51 | | }
52 | | }
| |_^
|
= note: see issue #49146 rust-lang/rust#49146 for more information
= note: this error originates in a macro (in Nightly builds, run with -Z macro-backtrace for more info)

error[E0658]: if is not allowed in a const fn
--> ~/.cargo/registry/src/github.com-1ecc6299db9ec823/clap-2.34.0/src/args/settings.rs:6:1
|
6 | / bitflags! {
7 | | struct Flags: u32 {
8 | | const REQUIRED = 1;
9 | | const MULTIPLE = 1 << 1;
... |
28 | | }
29 | | }
| |_^
|
= note: see issue #49146 rust-lang/rust#49146 for more information
= note: this error originates in a macro (in Nightly builds, run with -Z macro-backtrace for more info)

Compiling rand v0.7.3
Compiling regex v1.5.5
error: aborting due to 2 previous errors

For more information about this error, try rustc --explain E0658.
error: could not compile clap.

To learn more, run the command again with --verbose.
warning: build failed, waiting for other jobs to finish...
error: failed to compile `shamirsecretsharing-cli v0.1.1

Before Updating

This is the version that caused the error.

rustup show

Default host: x86_64-unknown-linux-gnu
rustup home: ~/.rustup

installed toolchains

stable-x86_64-unknown-linux-gnu (default)
nightly-2020-10-25-x86_64-unknown-linux-gnu
nightly-2021-01-01-x86_64-unknown-linux-gnu
nightly-2021-05-18-x86_64-unknown-linux-gnu
nightly-2021-07-06-x86_64-unknown-linux-gnu

active toolchain

stable-x86_64-unknown-linux-gnu (default)
rustc 1.43.1 (8d69840ab 2020-05-04)

After Updating

I was able to install with this version.

rustup show

Default host: x86_64-unknown-linux-gnu
rustup home: ~/.rustup

installed toolchains

stable-x86_64-unknown-linux-gnu (default)
nightly-2020-10-25-x86_64-unknown-linux-gnu
nightly-2021-01-01-x86_64-unknown-linux-gnu
nightly-2021-05-18-x86_64-unknown-linux-gnu
nightly-2021-07-06-x86_64-unknown-linux-gnu

active toolchain

stable-x86_64-unknown-linux-gnu (default)
rustc 1.59.0 (9d1b2106e 2022-02-23)

At this moment, shares are "just" created when secret-share-split. Although the chances of breaking compatibility are slim, we should tell the user to write down the version of the software when they share a secret, so that we can remain backward compatible later on.

Currently, sss-cli uses a mixture of panic!'s and eprintln!'s to output error messages to the user. We should make sure that all the error messages consistently output to stderr s.t. pipes work as expected.

This could be an enhancement.

As far as I can tell the full ciphertext is simply appended to the key share, i.e. everything from byte 34 onward is identical in every 'shard'.

For testing purposes I manually encrypted a file with a random keyfile, used secret-share-split only on the keyfile and then 'split' the encrypted file with zfec, which uses an erasure code and has similar threshold settings (i.e. 'split into m files' and 'require k to restore'). This resulted in a considerably smaller size compared to directly splitting the file with secret-share-split - especially useful for larger secrets.

I am not sure if this would introduce any new sidechannels but I imagine it would also make recombination more robust, if anything.

$ echo "foo" | /home/pi/.cargo/bin/secret-share-split -n 5 -t 3
0178badbbb28a5a649fc61877913d95b46d588478c575a8c1c5d8b31b77a598a5fa28eaf0d082148a529f424b47038d51c4faa44c7
02ed450054d546a26353468e806b55a1d22854bc8e59cb72c34c4d35ae5dd51e1ca28eaf0d082148a529f424b47038d51c4faa44c7
0368ff23d52f87828358a81ff68053781b9b8e95788b2e445b0d6ff0c66ee386a2a28eaf0d082148a529f424b47038d51c4faa44c7
04d922dd2151fa45625a3e8f9da6feda4836cce785b1f597a1d9cc368fb275965ea28eaf0d082148a529f424b47038d51c4faa44c7
055c98fea0ab3b658251d01eeb4df803818516ce736310a13998eef3e781430ee0a28eaf0d082148a529f424b47038d51c4faa44c

I notice trailing a28eaf0d082148a529f424b47038d51c4faa44c7 is identical among shares.

$ echo "pdU3KQFgcOlgafG1pcRxMmCFWj2Tt474" | /home/pi/.cargo/bin/secret-share-split -n 5 -t 3
01d793e9104984849e02e8bef005ee134b81ff8bb5a2599862359d490dde962144b3bb2c626e0aab185bdc8bd4beb6a1553b8a97e30fd05482741290d826fe9ef718684340d73b3de8306c2699259bf4c189
02f4686914110e4cff5d01a02cd729cd2457fc0f9351ddcad71d730acac4faf611b3bb2c626e0aab185bdc8bd4beb6a1553b8a97e30fd05482741290d826fe9ef718684340d73b3de8306c2699259bf4c189
030f71b7f8cbdbdf7c0f5f2593cfd0c02d7138911e3c15fa48c84f043dc9145905b3bb2c626e0aab185bdc8bd4beb6a1553b8a97e30fd05482741290d826fe9ef718684340d73b3de8306c2699259bf4c189
045338429b387a2213d8ef0891571aaa459ae5d5ebe33864952a8082a3c9688a6db3bb2c626e0aab185bdc8bd4beb6a1553b8a97e30fd05482741290d826fe9ef718684340d73b3de8306c2699259bf4c189
05a8219c77e2afb1908ab18d2e4fe3a74cbc214b668ef0540affbc8c54c4862579b3bb2c626e0aab185bdc8bd4beb6a1553b8a97e30fd05482741290d826fe9ef718684340d73b3de8306c2699259bf4c189

I notice trailing b3bb2c626e0aab185bdc8bd4beb6a1553b8a97e30fd05482741290d826fe9ef718684340d73b3de8306c2699259bf4c189 is identical among shares.

I am very curious about anatomy of shares. @dsprenkels, perhaps you could add a line on the subject to share length FAQ topic.

I am guessing it has something to do with AEAD...

It seems that the secret strings always shares a common part (the last 48 bytes). What is it and can it be shared publically or does the whole string is private information?

Compiled with a fresh rustup install on Windows 10.
Master yields the same error.

PS C:\Users\WDAGUtilityAccount\ws> cargo install --git https://github.com/dsprenkels/sss-cli --branch v0.1
    Updating git repository `https://github.com/dsprenkels/sss-cli`
  Installing shamirsecretsharing-cli v0.1.1 (https://github.com/dsprenkels/sss-cli?branch=v0.1#d327af9d)
    Updating crates.io index
   Compiling winapi v0.3.9
   Compiling cfg-if v1.0.0
   Compiling getrandom v0.1.16
   Compiling memchr v2.5.0
   Compiling libc v0.2.141
   Compiling cc v1.0.79
   Compiling log v0.4.17
   Compiling ppv-lite86 v0.2.17
   Compiling quick-error v1.2.3
   Compiling regex-syntax v0.6.29
   Compiling unicode-width v0.1.10
   Compiling strsim v0.8.0
   Compiling bitflags v1.3.2
   Compiling humantime v1.3.0
   Compiling textwrap v0.11.0
   Compiling rand_core v0.5.1
   Compiling shamirsecretsharing v0.1.4
   Compiling rand_chacha v0.2.2
The following warnings were emitted during compilation:

warning: cl : Command line error D8021 : invalid numeric argument '/Wno-sign-compare'

error: failed to run custom build command for `shamirsecretsharing v0.1.4`

Caused by:
  process didn't exit successfully: `C:\Users\WDAGUtilityAccount\AppData\Local\Temp\cargo-installhvHDSy\release\build\shamirsecretsharing-47db41b09501d45d\build-script-build` (exit code: 1)
  --- stdout
  TARGET = Some("x86_64-pc-windows-msvc")
  OPT_LEVEL = Some("3")
  HOST = Some("x86_64-pc-windows-msvc")
  cargo:rerun-if-env-changed=CC_x86_64-pc-windows-msvc
  CC_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CC_x86_64_pc_windows_msvc
  CC_x86_64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CC
  HOST_CC = None
  cargo:rerun-if-env-changed=CC
  CC = None
  cargo:rerun-if-env-changed=CFLAGS_x86_64-pc-windows-msvc
  CFLAGS_x86_64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CFLAGS_x86_64_pc_windows_msvc
  CFLAGS_x86_64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CFLAGS
  HOST_CFLAGS = None
  cargo:rerun-if-env-changed=CFLAGS
  CFLAGS = None
  cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
  DEBUG = Some("false")
  running: "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.35.32215\\bin\\HostX64\\x64\\cl.exe" "-nologo" "-MD" "-O2" "-Brepro" "-W4" "-Wno-sign-compare" "-FoC:\\Users\\WDAGUtilityAccount\\AppData\\Local\\Temp\\cargo-installhvHDSy\\release\\build\\shamirsecretsharing-15fa30fb38a6aa42\\out\\sss/sss.o" "-c" "sss/sss.c"
  cargo:warning=cl : Command line error D8021 : invalid numeric argument '/Wno-sign-compare'
  exit code: 2

  --- stderr


  error occurred: Command "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.35.32215\\bin\\HostX64\\x64\\cl.exe" "-nologo" "-MD" "-O2" "-Brepro" "-W4" "-Wno-sign-compare" "-FoC:\\Users\\WDAGUtilityAccount\\AppData\\Local\\Temp\\cargo-installhvHDSy\\release\\build\\shamirsecretsharing-15fa30fb38a6aa42\\out\\sss/sss.o" "-c" "sss/sss.c" with args "cl.exe" did not execute successfully (status code exit code: 2).


warning: build failed, waiting for other jobs to finish...
error: failed to compile `shamirsecretsharing-cli v0.1.1 (https://github.com/dsprenkels/sss-cli?branch=v0.1#d327af9d)`, intermediate artifacts can be found at `C:\Users\WDAGUtilityAccount\AppData\Local\Temp\cargo-installhvHDSy`

I found this cli and your library recently. I want to use it to keep some secret keys for possibly a long time and it is convenient for me to keep the secrets written on paper.

This library seems to be good choice for my needs, however due to my expectation of possibly long term archivation of such a keys, I'd like to see some detailed technical description of the shares format, so that it would be possible to construct different program to combine the shares, even if the original one (this one) disappear from the internet and/or will not be maintained and it will be impossible to use in the future versions of rust/c etc...

Installed Rust using curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh on Raspberry Pi OS and ran cargo install --git https://github.com/dsprenkels/sss-cli --branch v0.1.

Following error is thrown:

  = note: /usr/bin/ld: /tmp/cargo-installuViAgW/release/deps/libshamirsecretsharing_cli-ce60b7e353e5e699.rlib(shamirsecretsharing_cli-ce60b7e353e5e699.shamirsecretsharing_cli.8piw6w0j-cgu.0.rcgu.o): in function `shamirsecretsharing_cli::crypto_secretbox':
          shamirsecretsharing_cli.8piw6w0j-cgu.0:(.text._ZN23shamirsecretsharing_cli16crypto_secretbox17h5efbbce4803b019dE+0x114): undefined reference to `crypto_secretbox_xsalsa20poly1305_tweet'
          collect2: error: ld returned 1 exit status

New to Rust, so might be missing something obvious.