Secret-sharing for GPG?

brian moore bem at
Fri Dec 4 08:12:48 CET 1998

On Fri, Dec 04, 1998 at 12:09:07PM +0000, Roger Burton West wrote:
> (1) Is there any interest in a secret-sharing encryption mode?  The 
> principle is that one has a message key which is split into sections, 
> such that any (N) of the sections are sufficient to recreate the key, 
> but any (N-1) are not. While it's not the sort of thing one might often 
> want to do, I can see it being useful for secret-key backups, among 
> others. I am familiar with the mathematical protocols and have written 
> implementations of this sort of thing before.

It would be useful for other reasons, too.  Things like 'role accounts'
with the Internic are sort of stupid without key-sharing.  Either
everyone on the role-list has the same key (which means they can steal
it if they leave and forge mail that breaks your name service) or you're
back to having one person do the job which defeats the point of a role
account.   I have no idea how places that host a million domain
customers handle it.

> (1a) does this cause any problem in the context of the OpenPGP
> standard?

It shouldn't: the commercial PGP's 'for business' can do it.

I haven't looked at how they handle the process, though, if each client
has to be signing at the same time, or if they have some sort of
repository and a server that handles it.

Brian Moore                       | "The Zen nature of a spammer resembles
      Sysadmin, C/Perl Hacker     |  a cockroach, except that the cockroach
      Usenet Vandal               |  is higher up on the evolutionary chain."
      Netscum, Bane of Elves.                 Peter Olson, Delphi Postmaster

More information about the Gnupg-devel mailing list