cyphar / paperback

Paper backup generator suitable for long-term storage.
GNU General Public License v3.0

Using a "backdoor" password in addition to Shamir? #3

Open PowerPress opened 3 years ago

PowerPress commented 3 years ago

Does this only support SSSS or can you use a password as well with AES encryption?

cyphar commented 3 years ago

I have thought about adding a "backdoor" password which lets you recover the document if you remember the password, but it's not supported yet (also this project is still a work-in-progress). The issue is that a weak password makes the backup scheme much weaker because you're likely to make multiple copies of the main document and hand it to several people.

Also we don't use AES, we use ChaCha20-Poly1305.

X-Ryl669 commented 2 years ago

It's very simple. Run SS once with 2 shares. One is the "backdoor password". Use the second share's key as the document to run SS again, but this time with N shares.

cyphar commented 2 years ago

A 1-threshold scheme is the same as just having the secret key (it's a degree-0 polynomial with the constant being the secret -- so f(x) = secret). I guess we could just give the user a bip39-encoded version of the secret key if they want to keep a copy (though we'd need to give them the Ed25519 key as well if we want them to be able to mint new shards).

But the original suggestion was to have a passphrase the user picks, and use that as the "backdoor" passphrase. This would require embedding the secret key (encrypted with the passphrase) in the main document, which I don't feel super comfortable doing.