Secret-sharing for GPG?
Roger Burton West
roger at firedrake.demon.co.uk
Sat Dec 5 08:56:04 CET 1998
On Fri, Dec 04, 1998 at 08:20:09PM -0800, brian moore wrote:
>(And, outside of the ISP world, it happens a lot more often. At least
>most geeks think in binary so you know where they stand. Civilians are
>random and rip off their employers all the time.)
Hey, I _like_ that way of putting it! :-)
>There are methods of splitting the key so that any n pieces out of m
>are needed to sign.
Yes, that's _exactly_ what I'm talking about implementing.
At the moment, I'm assuming I'd need a new packet descriptor,
"key fragment". The fragmentation/recombining process would have
to work on keys - invocation would be something like:
(1) - fragment this secret key (needs passphrase as usual)
(2) - recombine these fragment files to a secret key
(3) - encrypt this message and fragment the message key
(4) - use these fragment files to decrypt this message
The (3)/(4) mechanism would be sufficient for general purpose use,
with (1)/(2) only used occasionally - the only reason not to treat
the secret key as a message is that one wants to fragment the
"naked" rather than the encrypted key.
I'm assuming that getting the files to the same place is Not My
Problem. :-)
Cheers,
Roger
--
Roger Burton West
Frontline Administrator, Demon Internet Ltd - of _course_ I don't speak
Home: roger at firedrake.demon.co.uk for them!
Web: http://www.firedrake.demon.co.uk
More information about the Gnupg-devel
mailing list