Creating a Horcrux-style system for your encrypted backups
In this post, I will guide you on how to safely store encrypted backups of your data by using a system that involves protecting data with multiple hardware security keys.
You can set up a system that either requires all keys (or a subset of them) to be required for decryption or set it up in a way that as long as one key is available, users can recover their encrypted data. Both cases are based on the idea of splitting a secret into multiple parts and storing each part in a different location.
Shamir's Secret Sharing (SSS) can be used to set up the first option. The second option, which I call a "digital Horcrux," is inspired by the Harry Potter series. In the books, wizards store parts of their souls in magical objects called Horcruxes. As long as one of these objects exists, the wizard cannot be defeated or killed. In the context of encrypting data, we can set up Horcruxes digitally. However, in this post, I will describe a setup where all Horcruxes are stored exclusively on hardware security keys. The benefit of this setup is that the keys can be safely stored or hidden in the real world, and the secret keys cannot be easily extracted by an adversary.
Sounds cool, right? Let's adapt this idea to encrypting data. While you can set up Horcruxes purely digital, I will describe a setup where all Horcruxes are exclusively stored on hardware security keys. This is because those can be safely stored (or hidden) in the real world, and the secret keys cannot be easily extracted by an adversary.
