Skip to content

Decrypting Files

This guide explains how to reconstruct and decrypt your files using Fractum shares.

Fractum Decryption Diagram

Prerequisites

Before decrypting, you need:

  • At least K shares (where K is your threshold)
  • Access to the shares from the same encryption operation
  • Fractum installed on your system

Basic Decryption

Interactive Mode

The simplest way to decrypt is using interactive mode:

fractum -i

Interactive mode will:

• Display the current Fractum version
• Show available encrypted files and shares
• Prompt you to select the operation (encrypt/decrypt)
• Guide you through the decryption process

Follow the prompts to:

  1. Select decryption operation
  2. Choose your encrypted file or specify shares directory
  3. Let Fractum automatically detect and use the required shares

Command Line Mode

For direct command-line decryption:

fractum decrypt --shares-dir ./shares --output ./decrypted_file.txt

Share Detection

Fractum automatically:

  • Detects available shares in the specified directory
  • Checks which shares are needed for your threshold
  • Uses exactly K shares for reconstruction
  • Handles share metadata and compatibility verification

Understanding Share Requirements

Threshold Logic

  • Need exactly K shares: Your threshold value from encryption
  • Any K shares work: You don't need specific shares, any subset of K shares from the original N shares will work
  • Extra shares ignored: If you have more than K shares available, Fractum will automatically select K shares to use

Example Scenarios

If you encrypted with threshold K=3 and total shares N=5:

Available Shares Can Decrypt? Notes
2 shares ❌ No Below threshold
3 shares ✅ Yes Meets threshold exactly
4 shares ✅ Yes Above threshold (uses any 3)
5 shares ✅ Yes All shares (uses any 3)

Troubleshooting

Common Issues

  1. Insufficient shares: Ensure you have at least K shares from the same encryption operation
  2. Incorrect shares: Check that shares are from the same encryption operation and are not corrupted
  3. Permission errors: Verify you have read access to share files and write access to output location
  4. Corrupted shares: Individual share corruption will be detected during reconstruction

Error Messages

"Insufficient shares for reconstruction"

  • You have fewer than K shares
  • Solution: Obtain additional shares from the same encryption

"Share verification failed"

  • One or more shares are corrupted or from different encryptions
  • Solution: Use different shares or obtain uncorrupted copies

"Cannot write output file"

  • Permission or disk space issues
  • Solution: Check output directory permissions and available disk space

Security Notes

  • Temporary files: Fractum doesn't create temporary unencrypted files during decryption
  • Memory clearing: Sensitive data is automatically cleared from memory after use
  • Share validation: Shares are cryptographically validated before use
  • Integrity checking: File integrity is verified during reconstruction

Best Practices

  1. Test shares periodically with non-sensitive test data to ensure they're still valid
  2. Use clean, isolated systems for decryption when possible
  3. Verify output after decryption to ensure successful reconstruction
  4. Clear sensitive data from the system after use
  5. Document your threshold so you know how many shares you need