Secret-sharing for GPG?

Roger Burton West roger at
Sat Dec 5 08:56:04 CET 1998

On Fri, Dec 04, 1998 at 08:20:09PM -0800, brian moore wrote:

>(And, outside of the ISP world, it happens a lot more often.  At least
>most geeks think in binary so you know where they stand.  Civilians are
>random and rip off their employers all the time.)

Hey, I _like_ that way of putting it! :-)

>There are methods of splitting the key so that any n pieces out of m
>are needed to sign.

Yes, that's _exactly_ what I'm talking about implementing.

At the moment, I'm assuming I'd need a new packet descriptor,
"key fragment". The fragmentation/recombining process would have
to work on keys - invocation would be something like:

(1) - fragment this secret key (needs passphrase as usual)

(2) - recombine these fragment files to a secret key

(3) - encrypt this message and fragment the message key

(4) - use these fragment files to decrypt this message

The (3)/(4) mechanism would be sufficient for general purpose use,
with (1)/(2) only used occasionally - the only reason not to treat
the secret key as a message is that one wants to fragment the
"naked" rather than the encrypted key.

I'm assuming that getting the files to the same place is Not My
Problem. :-)



Roger Burton West
Frontline Administrator, Demon Internet Ltd - of _course_ I don't speak
Home: roger at             for them!

More information about the Gnupg-devel mailing list