GNU Anastasis is available: a toolkit for backing up encryption keys

The GNU project has introduced the first test release of GNU Anastasis, a protocol and applications implementing it, intended for the secure backup of encryption keys and access codes. The project is being developed by the developers of the GNU Taler payment system in response to the need for a tool to recover keys lost after a storage system failure or because of a forgotten password with which the key was encrypted. The project code is written in C and is distributed under the GPLv3 license.

The main idea of the project is that the key is divided into parts, and each part is encrypted and placed with an independent storage provider. Unlike existing key backup schemes, which involve paid services or friends and relatives, the method proposed in GNU Anastasis is not based on complete trust in the storage or on the need to remember a complex password with which the key is encrypted. Protecting backup copies of keys with passwords is not considered a solution, since the password also has to be stored somewhere or remembered (the keys would be lost as a result of amnesia or the death of the owner).

A storage provider in GNU Anastasis cannot use the key because it has access to only one part of it. To assemble all the key components into a whole, the user must authenticate with each provider, using different authentication methods. Authentication is supported via SMS, email, receipt of a regular paper letter, video call, knowledge of the answer to a predetermined secret question, and the ability to make a transfer from a predetermined bank account. Such checks confirm that the user has access to the email address, the phone number and the bank account, and can also receive letters at the specified address.


When saving a key, the user selects the providers and the authentication methods to be used. Before the data is transferred to a provider, the key part is encrypted using a hash calculated from formalized answers to several questions related to the identity of the key owner (name, date and place of birth, social insurance number, etc.). The provider receives no information about the users making backups, except for the information necessary to authenticate the owner. The storage provider can be paid a certain amount (support for such payments has already been added to GNU Taler, but the two current test providers work for free). To manage the recovery process, a utility with a graphical interface based on the GTK library has been developed.
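
The following sketch illustrates the scheme described above: the key is split into parts, and each part is encrypted under a hash of the normalized identity answers before it is handed to a provider. It is an added example, not code from GNU Anastasis and not its actual format. The n-of-n XOR split, PBKDF2, the SHAKE-256 keystream, the provider names and the sample answers are all assumptions, and the per-provider authentication step (SMS, email and so on) is not modelled.

```python
import hashlib, hmac, secrets, unicodedata
from functools import reduce

# Constructed sample data: provider names, salts and answers are hypothetical.
SALTS = {"provider-a": b"salt-a", "provider-b": b"salt-b", "provider-c": b"salt-c"}
ANSWERS = {"name": "Ada Example", "birthdate": "1970-01-01", "birthplace": "Bern"}

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def identity_keys(answers: dict, provider_salt: bytes) -> tuple:
    """Hash the normalized identity answers into (encryption key, MAC key)."""
    canon = "\n".join(
        f"{field}={' '.join(unicodedata.normalize('NFKC', value).casefold().split())}"
        for field, value in sorted(answers.items()))
    okm = hashlib.pbkdf2_hmac("sha256", canon.encode(), provider_salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def split(secret: bytes, n: int) -> list:
    """n-of-n XOR split: all n parts rebuild the key, any n-1 look random."""
    parts = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    return parts + [reduce(xor, parts, secret)]

def seal(part: bytes, answers: dict, salt: bytes) -> bytes:
    """Encrypt-then-MAC one key part (SHAKE-256 keystream stands in for an AEAD)."""
    enc_key, mac_key = identity_keys(answers, salt)
    nonce = secrets.token_bytes(16)
    ct = xor(part, hashlib.shake_256(enc_key + nonce).digest(len(part)))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(blob: bytes, answers: dict, salt: bytes) -> bytes:
    enc_key, mac_key = identity_keys(answers, salt)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("identity answers do not match this key part")
    return xor(ct, hashlib.shake_256(enc_key + nonce).digest(len(ct)))

def backup(secret: bytes, answers: dict, salts: dict) -> dict:
    """Return {provider: encrypted part}; each provider holds only its own blob."""
    parts = split(secret, len(salts))
    return {name: seal(part, answers, salts[name]) for name, part in zip(salts, parts)}

def recover(blobs: dict, answers: dict, salts: dict) -> bytes:
    """Decrypt every provider's part and XOR the parts back into the key."""
    parts = [unseal(blob, answers, salts[name]) for name, blob in blobs.items()]
    return reduce(xor, parts)
```

Because the answers are normalized before hashing, differences in case or spacing still recover the key, while a wrong answer fails the MAC check instead of silently returning garbage.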
