2

I have some sensitive data that I need to encrypt and retain long-term (i.e., 5+ years at least). I'd ideally like to secure it using multiple hardware devices via a Shamir share. Something like:

data_key = gen_symmetric()
encrypted_data = encrypt_and_mac(key=data_key, payload=data_to_encrypt)
s1, s2, s3 = shamir(k=2, n=3, secret=data_key)
k1, k2, k3 = gen_symmetric(), gen_symmetric(), gen_symmetric()
encrypted_secrets = encrypt_and_mac(k1, s1) || encrypt_and_mac(k2, s2) || encrypt_and_mac(k3, s3)
output_to_save = encrypted_data || encrypted_secrets

With the idea to then save k1, k2, and k3 in hardware. (Along with some indication of which was the first, 2nd, 3rd secret).

This feels like I'm reinventing the wheel. Is there an existing standard for doing this or a similar crypto scheme? This related question suggests no. In that case, is the above scheme secure against an attacker that obtains one of the 3 devices?

Felipe
  • 123
  • 4
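The sketch in the question, worked through as an added example (not code from the question or from any library): a Shamir split of the data key over the prime field GF(2^521 - 1) and an encrypt-then-MAC construction built from HMAC-SHA256 as a stand-in for the `encrypt_and_mac` AEAD the question assumes (the layout of the saved blob, the share encoding and all helper names are this example's own assumptions). The last function makes the threshold argument concrete: with k=2, a single recovered share is consistent with every possible data key, which is the property that matters for the attacker who holds one of the three devices.

```python
# Added example, standard library only. Assumed: a length-prefixed blob layout,
# 1-byte share index + 66-byte field element share encoding, HMAC-based stand-in cipher.
import hashlib
import hmac
import secrets
import struct

P = 2**521 - 1  # Mersenne prime; any 32-byte key is < P, so it is a valid field element
KEY_LEN = 32


def gen_symmetric() -> bytes:
    return secrets.token_bytes(KEY_LEN)


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one device/data key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF in counter mode: HMAC(enc_key, nonce || counter) blocks, truncated to length.
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt_and_mac(key: bytes, payload: bytes) -> bytes:
    # Encrypt-then-MAC; output is nonce || ciphertext || tag.
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(enc_key, nonce, len(payload))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_and_verify(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")  # tampering or wrong key
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def shamir_split(secret: bytes, k: int, n: int):
    # Random degree k-1 polynomial with the secret as constant term; share i is (i, f(i)).
    coeffs = [int.from_bytes(secret, "big")] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def shamir_combine(shares, length: int) -> bytes:
    # Lagrange interpolation at x = 0 recovers the constant term.
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total.to_bytes(length, "big")


def protect(data: bytes, k: int = 2, n: int = 3):
    # Returns (blob to store, list of n device keys to put in hardware).
    data_key = gen_symmetric()
    device_keys = [gen_symmetric() for _ in range(n)]
    out = struct.pack(">I", len(encrypt_and_mac(data_key, b""))) if False else b""
    encrypted_data = encrypt_and_mac(data_key, data)
    out = struct.pack(">I", len(encrypted_data)) + encrypted_data
    for (x, y), dk in zip(shamir_split(data_key, k, n), device_keys):
        es = encrypt_and_mac(dk, bytes([x]) + y.to_bytes(66, "big"))
        out += struct.pack(">I", len(es)) + es  # length prefix replaces bare ||
    return out, device_keys


def recover(blob: bytes, available: dict, k: int = 2) -> bytes:
    # available maps device index (0..n-1) to that device's key.
    fields, pos = [], 0
    while pos < len(blob):
        (ln,) = struct.unpack(">I", blob[pos:pos + 4])
        fields.append(blob[pos + 4:pos + 4 + ln])
        pos += 4 + ln
    encrypted_data, encrypted_shares = fields[0], fields[1:]
    shares = []
    for idx, dk in available.items():
        sb = decrypt_and_verify(dk, encrypted_shares[idx])
        shares.append((sb[0], int.from_bytes(sb[1:], "big")))
    if len(shares) < k:
        raise ValueError("need at least k device keys")
    return decrypt_and_verify(shamir_combine(shares[:k], KEY_LEN), encrypted_data)


def single_share_consistent(share, candidate_secret: int) -> bool:
    # For k=2 a lone share (x, y) fits ANY secret s: choose slope a1 = (y - s) / x mod P.
    x, y = share
    a1 = (y - candidate_secret) * pow(x, -1, P) % P
    return (candidate_secret + a1 * x) % P == y
```

Recovery with any two device keys decrypts the data; one key alone yields a single share, and `single_share_consistent` returns True for every candidate key, so the share carries no information about `data_key`. What a single device does expose is its own share's ciphertext structure and a valid MAC, which is why the per-share MAC keys here are derived separately from the device keys rather than reused.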

0 Answers