Fortify is a command-line tool designed to enhance file security through encryption.
- Fortifies any file through encryption, then decrypts or executes the fortified files.
- Encrypts files using AES-256.
- Protects the AES secret key with either Shamir's Secret Sharing (SSS) or RSA encryption.
go install github.com/wangkang/fortify@latest
fortify version
Encrypt files with randomly generated key parts:
fortify encrypt -i <input_file> -o <output_file>
Encrypt files with specified key parts:
fortify sss random -b 32 -p <number_of_shares> -t <threshold>
fortify encrypt -i <input_file> <key_part1> <key_part2> ...
Decrypt files with specified key parts:
fortify decrypt -i <fortified_file> <key_part1> <key_part2> ...
Execute fortified files with specified key parts:
fortify execute -i <fortified_file> <key_part1> <key_part2> ...
Encrypt files with RSA public key:
fortify encrypt -i <input_file> -k rsa <public_key_file>
Decrypt files with RSA private key:
fortify decrypt -i <fortified_file> <private_key_file>
Execute fortified files with RSA private key:
fortify execute -i <fortified_file> <private_key_file>
This project is licensed under the MIT License.
We welcome contributions through issue submissions and pull requests. Feel free to suggest improvements or report issues.
To build the project, run:
bash build.sh
After building, execute the following commands to confirm the result:
pushd build && ./fortify -h && ./fortify version; popd
To split and combine secret shares, use the following commands:
pushd build/sss && ../fortify sss split -vT ../fortify; popd
pushd build/sss && ../fortify sss combine -o combined.out -vT 1of5.json 3of5.json 5of5.json; popd
Tips:
- For enhanced security, store generated secret shares in different locations.
- While suitable for processing large files, this method may not be optimal for smaller files.
Encrypt files with randomly generated key parts:
pushd build/sss && ../fortify encrypt -i ../fortify -T; popd
Decrypt fortified files with specified key parts:
pushd build/sss && ../fortify decrypt -i fortified.data -T fortified.key1of2.json fortified.key2of2.json; popd
Execute fortified files with specified key parts:
pushd build/sss && ../fortify execute -i fortified.data fortified.key1of2.json fortified.key2of2.json -- encrypt -h; popd
Generate new random key parts:
pushd build/sss && ../fortify sss random -p3 -t2 --prefix p; popd
Encrypt files using specified key parts:
pushd build/sss && ../fortify encrypt -i ../fortify -vT p1of3.json p2of3.json; popd
Decrypt fortified files using specified key parts:
pushd build/sss && ../fortify decrypt -i fortified.data -vT p1of3.json p3of3.json; popd
Execute fortified files using specified key parts:
pushd build/sss && ../fortify execute -i fortified.data p2of3.json p3of3.json; popd
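The key-part commands above rely on Shamir's Secret Sharing: with `-p3 -t2`, any two of the three parts recover the key, and one part alone does not. The Go program below is an added example, not fortify's own code. It assumes the prime field 2^521 - 1 and an in-memory share map; `split`, `combine` and `q` are hypothetical names, and fortify's JSON key-part format is not reproduced.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

var q = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1)) // assumed field: prime 2^521 - 1

// split returns p shares keyed by x = 1..p; any t of them rebuild key.
func split(key []byte, p, t int) map[int64]*big.Int {
	coef := []*big.Int{new(big.Int).SetBytes(key)} // f(0) is the key
	for len(coef) < t {
		c, err := rand.Int(rand.Reader, q) // uniform coefficient in [0, q)
		if err != nil {
			panic(err)
		}
		coef = append(coef, c)
	}
	shares := map[int64]*big.Int{}
	for x := int64(1); x <= int64(p); x++ {
		y := new(big.Int)
		for c := t - 1; c >= 0; c-- {
			y.Mul(y, big.NewInt(x)).Add(y, coef[c]).Mod(y, q) // Horner step
		}
		shares[x] = y
	}
	return shares
}

// combine Lagrange-interpolates f(0) from the given shares.
func combine(parts map[int64]*big.Int) []byte {
	sum := new(big.Int)
	for xi, yi := range parts {
		l := big.NewInt(1) // basis polynomial of share xi evaluated at 0
		for xj := range parts {
			if xj != xi {
				d := big.NewInt(xj - xi)
				l.Mul(l, big.NewInt(xj)).Mul(l, d.ModInverse(d, q)).Mod(l, q)
			}
		}
		sum.Add(sum, l.Mul(l, yi)).Mod(sum, q)
	}
	return sum.FillBytes(make([]byte, 66))[34:] // q fits 66 bytes; key is the low 32
}

func main() { // constructed 32-byte key, two parts, both required
	fmt.Printf("%s\n", combine(split([]byte("constructed 32-byte AES-256 key!"), 2, 2)))
}
```

Fewer than the threshold number of parts yields unrelated bytes rather than the key, which is why the parts can be kept in separate locations.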
Generate RSA key pairs:
bash debug_keygen.sh
Encrypt files using RSA public key:
pushd build/rsa && ../fortify encrypt -i ../fortify -k rsa -vT ../../debug/key_rsa/id_rsa.pub; popd
Encrypt files using RSA public key in PEM format:
pushd build/rsa && ../fortify encrypt -i ../fortify -k rsa -vT ../../debug/key_rsa/id_rsa_pem.pub; popd
Encrypt files using RSA public key in PKCS #8 format (will fail: PKCS #8 public key is unsupported):
pushd build/rsa && ../fortify encrypt -i ../fortify -k rsa -vT ../../debug/key_rsa/id_rsa_pkcs8.pub; popd
Encrypt files using RSA public key in RFC 4716 format (will fail: RFC 4716 public key is unsupported):
pushd build/rsa && ../fortify encrypt -i ../fortify -k rsa -vT ../../debug/key_rsa/id_rsa_rfc4716.pub; popd
Execute fortified files using RSA private key:
pushd build/rsa && ../fortify execute -i fortified.data ../../debug/key_rsa/id_rsa; popd
Execute fortified files using RSA private key in PEM format:
pushd build/rsa && ../fortify execute -i fortified.data ../../debug/key_rsa/id_rsa_pem; popd
Execute fortified files using RSA private key in RFC 4716 format:
pushd build/rsa && ../fortify execute -i fortified.data ../../debug/key_rsa/id_rsa_rfc4716; popd
Execute fortified files using RSA private key in PKCS #8 format (will fail: encrypted PKCS #8 private key is unsupported):
pushd build/rsa && ../fortify execute -i fortified.data ../../debug/key_rsa/id_rsa_pkcs8; popd