Hi, I am working on a CLI tool, Passcrux, for offline password recovery. The gist is, you put in a password/key, pick a shard count, and byte encoding, you get N shards to do whatever you please with. Give em to trusted friends, hide it in the woods, whatever. To recover it, put M shards into the CLI tool, and it spits your password back.
Obviously, SSS (publish 1979) is the core of this tool. To get my MVP/PoC off the ground, I’ve been importing Vault’s implementation of SSS. I plan on keeping Passcrux licensed MPL2, just like Vault, for simplicity. I’m pretty sure this is allowed, but I’m an engineer, Jim, not a lawyer, so I just wanted to check if these scenarios are okay.
- Can I publish my tool as it currently is with import vault/shamir? (pretty sure MPL allows this but I want to confirm)
- Could I copy the vault/shamir.go and test code into my repo while maintaining a license notification? I do not need to vendor the entire Vault lib.
- Would I be able to copy the code and make small modification to it? (e.g. I want a variant of Split where I pass in the seed, for testing purposes)
- Would I be able to rewrite my own shamir.go from “scratch”? (kind of hard to do without “plagiarizing” since it is an algorithm and there is basically 1 way to implement an algorithm. Also the python implementation is on wikipedia)