key-restoration problem // secret sharing

vedaal
Fri Nov 2 14:40:47 CET 2007

>Message: 6
>Date: Thu, 1 Nov 2007 22:11:18 -0400
>From: David Shaw <dshaw at>
>Subject: Re: Key safety vs Backup : History of a bad day (key-restoration problem)

>>  Paperkey extracts just those secret bytes and prints them.  To
>> reconstruct, you re-enter those bytes (whether by hand or via OCR) and
>> paperkey can use them to transform your existing public key into a
>> secret key."
>> --

>> (I think splitting a password into a few shares and distributing 
>> in suitable places is a sane way of writing down passwords. 
>> people may disagree.)

>Is secret sharing a feature that people would want in paperkey?  To
>be able to print out a number of pages, and pick some threshold
>of pages that would be needed to reconstruct the key.
>I consider paperkey as the "backup of last resort", and it occurs to
>me that the ability to stash different printed backups in multiple
>places is useful, in case there is fading/damage to a printout as
>happened to the poor fellow who started this thread.  That said, I am
>not completely convinced that it is better to use multiple
>secret-shared printouts rather than just multiple copies of the
>printout.  Does anyone see a good use case (aside from the
>cool-factor) to using secret sharing in paperkey?

there may be an effective compromise workaround:

[1] remove the passphrase from the secret key

[2] (if not already in armored form, armor the secret key)

[3] split the armored ascii text, and distribute it
(carefully including the position lines,
this 'share' of the secret key block contains lines 9 through 16)

(am out of my depth here,
and welcome any technical input)

is there a section of the ascii-armored secret key block,
that by itself, is enough to reconstruct the secret key,
and if so,
how can it be determined which part of the keyblock it is,
in order to make sure that that section is 'split' for sharing ?


