Pass the SALT 2026

Cédric (Katvio.com)

Cédric is a seasoned DevSecOps and infrastructure engineer with 10yrs of experience spanning defense, blockchain, and cloud-native environments. He began his career working on safety-critical software in the defense industry, then moved into the blockchain space as a DevSecOps & SRE for the Tezos Foundation. He now runs his own digital agency, delivering security, and key management services to key accounts across banking and SaaS. His expertise sits at the intersection of cybersec, supply chain security, and applied cryptography, with a particular interest in privacy-preserving technologies. Company: Katvio.com


Session

07-02
15:10
35min
Fractum: an open-source CLI for Threshold-Based Cold Storage of Critical Secrets
Cédric (Katvio.com)

Shamir's Secret Sharing (SSS) has been trusted for decades by organizations like ICANN (DNSSEC root key ceremonies), Banks, Coinbase, Defense industry ; yet it remains largely inaccessible to individual practitioners and small teams who need cold storage for cryptocurrency wallets, SSH keys, infra recovery keys, or root CA credentials.
Between "encrypt it and pray you never lose the key" and a $50K HSM deployment there is a missing category: how do you back up the one secret that protects everything else, for years, with no single point of failure and no network?

This talk introduces Fractum, offline, FOSS command-line tool that encrypts a file with AES-256-GCM and splits the key, not the file, using Shamir's Secret Sharing, so any K of N shares recover it and fewer than K reveal nothing.

Attendees will take away: a clear mental model of how threshold cryptography works in practice, an understanding of the security properties (and honest limitations) of implementing SSS in Python, and a free tool they can use immediately for their own cold storage needs.

GitHub: https://github.com/katvio/fractum

Crypto for Users
Amphitheater 122