Turn secrets into encrypted shares for safer storage.

Protect your most important digital secrets by splitting them into encrypted pieces. Store your passwords, crypto wallets, and sensitive documents safely across multiple locations—even if some pieces are lost or stolen, your data stays secure and recoverable.

Get started Read the Docs
Fractum Secret Sharing Diagram

Key Features

⚡️ Fully Offline Operation
• Works completely offline, perfect for air-gapped environments
• No internet connection required for any operation
• All dependencies bundled in share archives
• Docker container runs with `--network=none` for complete isolation
💾 Portable Design
• Self-contained solution fits on a USB key
• Includes all dependencies and bootstrap scripts
• No system-wide installation required
• Read-only application code in container
🛡️ Cryptographic Features
• AES-256-GCM for file encryption
• Shamir's Secret Sharing for key distribution
• Configurable threshold (k) and total shares (n)
• Secure memory handling and automatic clearing
🔑 Share Management
• Create new shares or use existing ones
• Share validation without secret disclosure
• Label support for share identification
• SHA-256 checksums for all files
🔒 Security
• Non-root execution in container
• Minimal attack surface
• Ephemeral environment
• No sensitive data in swap or logs
• Version compatibility checking
💻 Cross-Platform Support
• Windows
• macOS
• Linux
• Consistent behavior across all platforms

How It Works

When you use Fractum to encrypt a file, the process transforms your data as follows:

Input:

  • Your sensitive file (e.g., passwords.txt, important_documents.zip)
  • Optional: Existing shares for reusing the same key

Output:

  • An encrypted file with .enc extension (e.g., passwords.txt.enc)
  • Multiple share archives (ZIP files), one for each share (e.g., share_1.zip, share_2.zip, etc.)

Each share archive contains:

  • The share file (e.g., share_1.txt) with cryptographic data
  • The encrypted file (passwords.txt.enc)
  • The complete Fractum application
  • Bootstrap scripts for all supported platforms
  • SHA-256 checksums for integrity verification
  • Version information for compatibility checking

Getting Started

Ready to secure your sensitive files? Choose your preferred installation method:

Docker Usage Manual Installation