this post was submitted on 11 Feb 2025
45 points (97.9% liked)

Selfhosted

42055 readers
506 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
45
Digital management post-life (lemmy.nowsci.com)
submitted 16 hours ago by fmstrat@lemmy.nowsci.com to c/selfhosted@lemmy.world
19 comments fedilink hide all child comments
 

Hi all,

Working through some things like a Will (I am fine, just normal life planning), and debating on methods for digital management when I do die.

I run a lot of self-hosted services for family and friends, all on secured servers with ZFS and on/off site backups. Key ingredient is Vaultwarden for password management.

I'd like to put something in place so that encryption keys, some docs, and key passwords are released to a tech savvy friend. Anyone know of existing solutions for this?

Requirements of:

  • Not providing keys to a third-party beforehand
  • Not forgeable to open
  • If possible, no "weekly press a button"

I'm thinking some kind of key pair where my friend has the private key and the public key is provided to a family member, and when activated a timer starts where I could cancel the release.

you are viewing a single comment's thread
view the rest of the comments
[–] hendrik@palaver.p3x.de 17 points 16 hours ago* (last edited 16 hours ago) (3 children)

Well, I always dreamt about encrypting my master keys to all my digital heritage with some threshold scheme encryption like Shamir's secret sharing. I believe there is some Linux tool available: http://point-at-infinity.org/ssss/

That way N out of M of my friends would have to gather after my passing, combine the puzzle pieces and be granted with access to my stuff.

There are easier ways, though. You can just write down a password and include it with your last will, seal it and have a notary take care of it. I'd create a seperate administrator account/password for that.

You could set up two factor authentification and give them one factor now, and have the other factor stored with your things so they can collect it after your passing. Doesn't need to be complicated, create a password with 30 characters, split it in the middle and you have two factors.

There are online services for these kind of things. Or you can run some dead man switch yourself. I'm not sure what kinds of projects someone would use for that. Taking care of a dead man switch would be annoying for me.

[–] fmstrat@lemmy.nowsci.com 3 points 4 hours ago (1 children)

Great idea. My poor mans version idea was an encrypted data set inside another encrypted data set to require two people, but Shamir's seems like a much better option.

[–] hendrik@palaver.p3x.de 2 points 4 hours ago* (last edited 4 hours ago)

I'm still a bit split on this. And whether the complexity and reliability is good enough for the use case... I mean if you don't need N-out-of-M, but it's just two people: cut a password or key in half. Same if it's N-out-of-N people, you just need to make some puzzle pieces and hand them out, we don't really need encryption and fancy maths for that. But I guess encrypting something would work, too. Just use a program or algorithm that's likely still around when it's going to be used. And you can always add a sheet of paper or PDF with instructions. Maybe save the executable file to to decrypt it somewhere if the solution requires software.

[–] AbidanYre@lemmy.world 8 points 14 hours ago (2 children)

Possibly dead, but a cool project none the less.

https://github.com/jesseduffield/horcrux

[–] hendrik@palaver.p3x.de 3 points 7 hours ago* (last edited 5 hours ago)

Nice. Thanks. Seems I've missed some Harry Potter themed stuff. That gave me an idea... Take (or write) an Arduino library (or SSS implemeted in plain C, instead of Go), flash it on a microcontroller like an ESP32 and you have some actual, physical horcroxes. I'd have to think about the form factor, and whether they need displays, or act as a USB thumb drive... But they could light up once you get like 3 of them in bluetooth proximity and reveal the secret. Other than that I think it needed to be part of some well-maintained password vault app. Or be a web service, so people don't need to worry to get some old computer code running.

Edit: Seems the Bitcoin people have had a thought at something like this: https://github.com/satoshilabs/slips/blob/master/slip-0039.md

[–] ohshit604@sh.itjust.works 3 points 12 hours ago (2 children)

Last release was over 5 years ago and judging by the issues not receiving responses best to assume it’s deprecated.

Cool project it seemed.

[–] AbidanYre@lemmy.world 1 points 2 hours ago

Yeah, I was looking at the most recent commit being two years ago. Hadn't checked out the issues.

[–] Andres4NY@social.ridetrans.it 4 points 11 hours ago

@ohshit604 @AbidanYre Nah, they are still doing releases, but they're hidden. You have to combine the past few releases to unlock the url for the latest release.

[I'm joking, of course.]

[–] Flax_vert@feddit.uk 3 points 15 hours ago (1 children)

I wonder if you could make a dead man switch something more benign, like have it restart whenever you plug your phone in to charge, turn on a light switch, start a car, all three, etc

[–] hendrik@palaver.p3x.de 2 points 15 hours ago* (last edited 15 hours ago) (1 children)

Sure. I believe that could be done with minimal effort. Either by a smarthome solution, a script on a wifi router, a script in the autostart of the laptop someone uses every day, or like tasker on a phone. But you need to get it right. Or it'll fire once you're on a 14 day trip through Europe (and absent from your house and computer), phones can be lost or replaced... You might move... And you kind of want to make sure it's robust enough so it actually works once needed, and that might be decades from now...

[–] Flax_vert@feddit.uk 2 points 2 hours ago

Film idea: guy loses phone on holiday and rushes to disable his dead man's switch