Back to / afis

package afis

v0.0.0 (9b94c9a)
Latest Go to latest
Published: Jan 31, 2019 | License: MIT | Module:


Package afis implements Anti-Forensic Information Splitting

The splitter supports secure data destruction crucial for secure on-disk key management. The key idea is to bloat information and therefor improving the chance of destroying a single bit of it. The information is bloated in such a way, that a single missing bit causes the original information become unrecoverable. The theory behind AFsplitter is presented in TKS1.

The interface is simple. It consists of two functions:

Split(data, stripes)
Merge(data, stripes)

Split operates on data and returns information splitted data. Merge does just the opposite: uses the information stored in data to recover the original splitted data.


AFsplitter reference implementation at

TKS1 paper at




var (
	ErrMinStripe = errors.New("afis: at least one stripe is required")
	ErrDataLen   = errors.New("afis: data length is not multiple of stripes")


var DefaultHash = sha1.New

DefaultHash is our default hashing function.

func Merge

func Merge(data []byte, stripes int) ([]byte, error)

Merge data splitted previously with Split using the default SHA-1 hash.



package afis

import (

var testVectors = []struct {
	data    []byte
	stripes int
	{[]byte(""), 1},
	{[]byte(""), 2},
	{[]byte("Look, it's Gophers everywhere!"), 1},
	{[]byte("Look, it's Gophers everywhere!"), 2},
	{[]byte("Look, it's Gophers everywhere!"), 4},
	{[]byte("Look, it's Gophers everywhere!"), 8},

func TestAFIS(t *testing.T) {
	for _, vector := range testVectors {
		t.Run("", func(t *testing.T) {
			splitted, err := Split(, vector.stripes)
			if err != nil {

			merged, err := Merge(splitted, vector.stripes)
			if err != nil {

			if !bytes.Equal(merged, {
				t.Fatalf("expected %q, got %q",, merged)

func ExampleMerge() {
	secretKey := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, secretKey); err != nil {

	// Split the original data using 4 stripes.
	scrambled, err := Split(secretKey, 4)
	if err != nil {

	// Merge back
	key, err := Merge(scrambled, 4)
	if err != nil {

	if !bytes.Equal(key, secretKey) {
		panic("merge failed")

func MergeHash

func MergeHash(data []byte, stripes int, hashFunc func() hash.Hash) ([]byte, error)

MergeHash merges data splitted previously with the selected hash function.

func Split

func Split(data []byte, stripes int) ([]byte, error)

Split data using the default SHA-1 hash.

func SplitHash

func SplitHash(data []byte, stripes int, hashFunc func() hash.Hash) ([]byte, error)

SplitHash splits data using the selected hash function.

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier