GNU Anastasis, an encryption key backup tool, is available

The GNU Project has released the first beta of GNU Anastasis, a protocol and reference implementation for securely backing up encryption keys and access codes. The project was started by the developers of the GNU Taler payment system in response to the need for a tool to recover keys lost through a storage failure or through a forgotten password that was used to encrypt the key. The project code is written in C and distributed under the GPLv3 license.

The main idea of the project is that the key is split into parts, and each part is encrypted and hosted by an independent storage provider. Unlike existing key backup schemes that rely on paid services or on friends and relatives, the method proposed in GNU Anastasis requires neither complete trust in the vault nor memorizing a complex password that encrypts the key. Protecting backup copies of keys with passwords is not considered an option, since the password itself would then have to be stored or remembered somewhere (and the keys would be lost if the owner forgets it or dies).

A storage provider in GNU Anastasis cannot use the key because it only holds part of it, and to collect all the parts of the key back into one the user must authenticate with each provider, each using a different authentication method. Authentication via SMS, e-mail, receipt of a regular paper letter, video call, knowledge of the answer to a predefined secret question, and the ability to make a transfer from a pre-specified bank account are supported. Such checks confirm that the user has access to the e-mail address, phone number and bank account, and can receive letters at the specified postal address.


When saving the key, the user chooses the providers and the authentication methods to use. Before the data is transmitted to a provider, the parts of the key are encrypted using a hash computed from formalized answers to several questions about the identity of the key owner (name, date and place of birth, social security number, etc.). The provider receives no information about the user who is making the backup, except for what is needed to authenticate the owner. The provider can be paid a certain amount for storage (support for such payments has already been added to GNU Taler, but the two current test providers work for free). To manage the recovery process, a utility with a graphical interface based on the GTK library has been developed.
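The following is an added illustration of the scheme the two paragraphs above describe (secret split into parts, each part encrypted under a key derived from identity attributes, each encrypted part held by a separate provider that releases it only after its own authentication check). It is constructed example code, not the GNU Anastasis implementation or its wire protocol: the XOR sharing, the SHA-256/HMAC encryption, the `Provider` class and all identity values, provider names and challenge codes are hypothetical, and the identity attributes used here are fake sample data.

```python
"""Constructed illustration of the Anastasis idea: split a core secret into
shares, encrypt each share under a key derived from the owner's identity
attributes, and park each encrypted share with a different provider that
releases it only after its own authentication challenge is answered.
Not the project's own code; all names and values are hypothetical."""
import hashlib
import hmac
import secrets
import unicodedata

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32


def _xor_all(chunks):
    # XOR equal-length byte strings together.
    out = bytes(len(chunks[0]))
    for c in chunks:
        out = bytes(a ^ b for a, b in zip(out, c))
    return out


def normalize_identity(attrs: dict) -> bytes:
    # Canonicalize answers so the same person always derives the same key:
    # Unicode NFC, trimmed, lower-cased, attributes in a fixed order.
    lines = []
    for k in sorted(attrs):
        v = unicodedata.normalize("NFC", str(attrs[k])).strip().lower()
        lines.append(f"{k}={v}")
    return "\n".join(lines).encode("utf-8")


def identity_key(attrs: dict, salt: bytes) -> bytes:
    # Identity attributes are low-entropy, so derive the key with a slow salted KDF.
    return hashlib.pbkdf2_hmac("sha256", normalize_identity(attrs), salt, 100_000, dklen=32)


def split_secret(secret: bytes, n: int) -> list:
    # XOR secret sharing: n-1 random shares plus one that makes them XOR to the secret.
    # Every share is needed; any subset of fewer than n shares is uniformly random.
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    shares.append(_xor_all([secret] + shares))
    return shares


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode, so the example stays standard-library only;
    # a real system would use an AEAD such as ChaCha20-Poly1305.
    out = b""
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor_all([plaintext, _keystream(key, nonce, len(plaintext))])
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        return None  # wrong identity answers, or the stored share was tampered with
    return _xor_all([ct, _keystream(key, nonce, len(ct))])


class Provider:
    """One independent storage provider: holds a salt and one encrypted share
    and hands them out only when its authentication challenge is answered."""

    def __init__(self, name: str, method: str, expected_response: str):
        self.name, self.method = name, method
        self._expected = expected_response  # e.g. the code sent by SMS or by post
        self.salt, self.blob = None, None

    def store(self, salt: bytes, blob: bytes) -> None:
        self.salt, self.blob = salt, blob

    def release(self, response: str):
        if hmac.compare_digest(self._expected.encode(), response.encode()):
            return self.salt, self.blob
        return None


def backup(secret: bytes, identity: dict, providers: list) -> None:
    # Each provider gets its own salt, so it learns neither the identity nor the share.
    for provider, share in zip(providers, split_secret(secret, len(providers))):
        salt = secrets.token_bytes(SALT_LEN)
        provider.store(salt, seal(identity_key(identity, salt), share))


def recover(identity: dict, providers: list, responses: dict):
    shares = []
    for provider in providers:
        released = provider.release(responses.get(provider.method, ""))
        if released is None:
            return None  # that provider's authentication failed
        share = unseal(identity_key(identity, released[0]), released[1])
        if share is None:
            return None  # identity answers do not match the ones used at backup time
        shares.append(share)
    return _xor_all(shares)


# Constructed sample data (fake person, fake challenge codes).
SECRET = bytes(range(32))
IDENTITY = {"name": "Jane Doe", "birthdate": "1985-04-12", "birthplace": "Zürich", "id_number": "000-00-0000"}
RESPONSES = {"sms": "482913", "letter": "K7-MN-42", "question": "rex"}


def make_providers() -> list:
    return [Provider("sms-host", "sms", "482913"), Provider("post-host", "letter", "K7-MN-42"),
            Provider("question-host", "question", "rex")]


if __name__ == "__main__":
    provs = make_providers()
    backup(SECRET, IDENTITY, provs)
    print("recovered:", recover({**IDENTITY, "name": "  JANE doe "}, provs, RESPONSES) == SECRET)
```

The two failure modes the article mentions are visible in `recover`: a provider that does not see its challenge answered releases nothing, and a share that was released but whose identity-derived key is wrong fails the HMAC check rather than decrypting to garbage. Normalizing the identity answers matters because a trailing space or a capital letter would otherwise derive a different key years later.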

Source: opennet.ru
