Dark Crystal
Backup your secrets using the trust in your social fabric
Dark Crystal is a set of protocols, libraries, techniques and guidelines for secure management of sensitive data such as cryptographic keys.
The idea is to make key management easy by emphasising trust between peers rather than individual responsibility.
It is a toolkit for developers who want to bring secure and easy-to-use key management techniques to their project. It is particularly well suited for decentralised systems where authentication relies on keys stored on a peer’s device.
- Transport agnostic - Key backup and recovery mechanisms that work with your existing transport mechanism.
- Flexible - Pick features which meet the needs of your individual project.
- Easy to use - Includes template designs for making intuitive interfaces.
- Empowering for peers - Peers’ keys are secured by trust in their social network.
There is a reference implementation in Java, a JavaScript implementation and a work-in-progress Rust implementation.
Dark Crystal is 100% open source, licensed under Lesser GPL3. You can use our modules in your projects, or just take inspiration from them to implement something similar. Every project has different needs, so we are trying to establish good patterns rather than build a generic tool which everybody should use.
The Dark Crystal Key Backup protocol and Java implementation have been independently audited by Include Security, supported by the Open Technology Fund’s Red Team Lab. Read the security review report.
The reference implementation uses conventions from the libsodium crypto library and Daan Sprenkels’ secret sharing library, both of which are written in C with bindings to many popular languages.
For a detailed discussion of our protocol and possible further use-cases, see our report: ‘The Social and Technical Applications of Threshold Based Secret-Sharing in an Internet Freedom Context’.