GNU Anastasis, a backup implementation by GNU Taler

Several days ago the GNU Project announced the first trial version of "GNU Anastasis", a protocol and set of applications for securely backing up encryption keys and passcodes.

The project is being developed by the developers of the GNU Taler payment system as a response to the need for a tool to recover keys lost after a failure in the storage system or due to forgetting the password with which the key was encrypted.

I am pleased to announce the first public (alpha) version v0.1.0 of GNU Anastasis. GNU Anastasis is a privacy-preserving distributed key backup and recovery solution. You can use it to distribute key material across multiple providers and retrieve your keys by authenticating with each supplier to obtain the key actions. Providers learn nothing about users in this process, except during recovery when they learn the minimum amount of information required to authenticate you depending on the chosen authentication method.

The main idea of the project is that the key is divided into parts, and each part is encrypted and hosted by an independent storage provider. Unlike existing key backup schemes that involve paid services or friends/family, the method proposed in GNU Anastasis is not based on full trust in the storage or on the need to remember the complex password used to encrypt the key. Protecting backup copies of keys with passwords is not considered a solution, as the password must also be stored or remembered somewhere (the keys will be lost as a result of amnesia or the death of the owner).

A GNU Anastasis storage provider cannot use the key, since it only has access to a part of the key. To collect all the key components into a whole, the user needs to authenticate with each provider using different authentication methods. The supported methods are SMS, email, receiving a letter on regular paper, video call, knowing the answer to a predefined secret question, and the ability to make a transfer from a predefined bank account.

These controls confirm that the user has access to email, phone number and bank account, and can also receive letters to the specified address.

When saving the key, the user chooses the providers and the authentication methods to be used. Before the data is transferred to a provider, the parts of the key are encrypted using a hash calculated from formalized answers to various questions related to the identity of the key owner (full name, date and place of birth, social security number, etc.).
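As an added illustration of the scheme described above (not code from GNU Anastasis, whose actual key derivation and storage format are not shown on this page), the following Python example splits a key into parts that are all needed for recovery and encrypts each part under a key derived from normalized identity answers. The function names, provider salts, scrypt parameters and the SHAKE-256 plus HMAC construction (a standard-library stand-in for an authenticated cipher, used once per derived key) are assumptions of this example.

```python
import hashlib, hmac, secrets

def identity_key(attrs: dict, provider_salt: bytes) -> bytes:
    """Derive a per-provider 64-byte key from normalized identity answers."""
    # Canonical form: sorted fields, whitespace collapsed, case-folded, so the
    # same answers typed slightly differently still give the same key.
    canon = "\n".join(f"{k}={' '.join(str(v).split()).casefold()}"
                      for k, v in sorted(attrs.items())).encode()
    return hashlib.scrypt(canon, salt=provider_salt, n=2**14, r=8, p=1,
                          maxmem=2**26, dklen=64)

def split(secret: bytes, n: int) -> list:
    """n-of-n XOR split: any n-1 parts are indistinguishable from random."""
    parts = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for p in parts:
        last = bytes(a ^ b for a, b in zip(last, p))
    return parts + [last]

def seal(part: bytes, key: bytes) -> bytes:
    """Encrypt-then-MAC one part (assumed construction, one message per key)."""
    enc_key, mac_key = key[:32], key[32:]
    stream = hashlib.shake_256(enc_key).digest(len(part))
    ct = bytes(a ^ b for a, b in zip(part, stream))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def unseal(blob: bytes, key: bytes) -> bytes:
    enc_key, mac_key = key[:32], key[32:]
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("wrong identity answers or corrupted part")
    stream = hashlib.shake_256(enc_key).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def backup(secret: bytes, attrs: dict, salts: list) -> list:
    parts = split(secret, len(salts))  # one encrypted part per provider
    return [seal(p, identity_key(attrs, s)) for p, s in zip(parts, salts)]

def recover(blobs: list, attrs: dict, salts: list) -> bytes:
    out = bytes(len(blobs[0]) - 32)  # all-zero accumulator, tag length removed
    for blob, s in zip(blobs, salts):
        out = bytes(a ^ b for a, b in zip(out, unseal(blob, identity_key(attrs, s))))
    return out

# Constructed sample data (not real identities or providers)
OWNER = {"full_name": "Alice Example", "birth_date": "1990-01-01", "birth_place": "Springfield"}
SALTS = [b"provider-a.example", b"provider-b.example", b"provider-c.example"]
```

A provider holding one sealed part can neither decrypt it without the identity answers nor rebuild the key without the parts held by the other providers.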

The provider does not receive information about the users it is serving, except the information required to authenticate the owner. You can pay the provider a certain amount for storage (support for such payments has already been added to GNU Taler, but the two current trial providers are free). To manage the recovery process, a graphical utility based on the GTK library has been developed.

The project code is written in C and is distributed under the GPLv3 license.

How to install GNU Anastasis on Linux?

Those who are interested in testing this application can download this trial version from its official website from the following link. Once the download finishes, unpack the package and compile the code on your system.

Alternatively, open a terminal and type the following command to download the current version (at the time of writing):

wget https://ftp.gnu.org/gnu/anastasis/anastasis-0.1.0.tar.gz

Now we proceed to unzip with:

tar -xzvf anastasis-0.1.0.tar.gz

We access the resulting directory and proceed to compile with:

cd anastasis-0.1.0

./configure
make
make install

If you want to know more about the project, you can consult the details in the following link.

