Fractum documentation

Fractum encrypts a file locally with AES-256-GCM, then splits the encryption key into a K-of-N set of Shamir shares. The practical goal is not simply to create shares: it is to make recovery possible after people, places, or devices become unavailable.

Start with a disposable file. Complete the whole route once before placing an important secret in the workflow.

01 / PREPAREChoose your runtimeInstall with Docker for a contained runtime, or use the supplied bootstrap scripts. 02 / ENCRYPTCreate a share setPick a realistic threshold, encrypt a test file, and inspect the outputs. 03 / CUSTODYSeparate the sharesPlan independent custodians, locations, and recovery instructions. 04 / RECOVERProve the plan worksBring together K shares and recover the test file before you need it.

Choose the task in front of you

Run with DockerBuild the image, mount only your working folders, and use Docker network isolation when your procedure requires it. Run from sourceUse the supported Python version and the bootstrap script for Linux, macOS, or Windows. Encrypt a fileUse the core command, understand K and N, and see exactly what Fractum creates. Recover a fileUse share archives or enter share values manually when only the values are available. Use guided promptsLet the CLI ask for the operation and parameters step by step when a direct command is not the right fit.

Read before a real operation

Security best practices turns the command sequence into an operational plan.
Security architecture explains the current implementation and its limits.
FAQ answers the scope, recovery, licence, and audit questions in one place.