Secret Sharing

Phil Sutter sutter at
Sat Jul 19 17:52:48 CEST 2008


So far I have a working daemon setting up new Secret-Sharing sessions
and/or combining given shares. It already talks assuan.

In order to improve usability (a lot in my eyes), the daemon uses a
backing store (two files for now) holding all (sharing and combining)
sessions, so it can be called multiple times inserting/generating a
share each time.

On Sun, May 25, 2008 at 02:30:53PM +0200, Phil Sutter wrote:
> using an implementation of Shamir's (t,w)-threshold scheme I want to
> share the passphrase to a secret key. At least for now the algorithm
> will operate in GF(p).

Currently I'm using an implementation of arithmetic in GF(2^8) written
by James S. Plank, so the secret can consist of an arbitrary number of
bytes and therefore hold the whole secret key.

For the user interface I think of implementing the following set of

* setup: generate a new key pair, feed the secret key into a new
         Secret-Sharing session and return the pubkey
* get_share: generate and return a new share for the session identified
             by given keygrip
* finalise: remove all data (including the secret key) of the session
            corresponding to the given keygrip

* combine: prepare combining shares for the given keygrip
* add_share: add the given share to the interpolation for its keygrip;
             if the key is available then, return it and remove the
             interpolation metadata

gpg-agent uses GNUPG_PRIVATE_KEYS_DIR to look up secret keys (at least)
(agent_key_available()). I haven't found the code yet where any key is
being written there. Is it desirable at all to write recombined secret
keys there, or should I pass them over to gpg directly?

Greetings, Phil
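
A byte-wise Shamir threshold scheme over GF(2^8), as an added example that is not part of the original post and is not the daemon's code. The function names, the reduction polynomial 0x11d, the flat coefficient buffer (standing in for the session store) and the sample secret are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static uint8_t gf_mul(uint8_t a, uint8_t b) {  /* GF(2^8), poly 0x11d (assumed) */
    uint8_t r = 0;
    for (; b; b >>= 1) {
        if (b & 1) r ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1d : 0));
    }
    return r;
}
static uint8_t gf_inv(uint8_t a) {  /* a^254 == a^-1 for a != 0 */
    uint8_t r = 1;
    for (int i = 0; i < 254; i++) r = gf_mul(r, a);
    return r;
}
/* setup: per secret byte, coef[i*t] is the byte, the other t-1 are random. */
int sss_setup(const uint8_t *secret, size_t len, int t, uint8_t *coef) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(coef, 1, len * t, f) : 0;
    if (f) fclose(f);
    if (got != len * t) return -1;      /* refuse to share without randomness */
    for (size_t i = 0; i < len; i++) coef[i * t] = secret[i];
    return 0;
}
/* get_share: evaluate every byte's polynomial at x (1..255), Horner form. */
void sss_get_share(const uint8_t *coef, size_t len, int t, uint8_t x, uint8_t *y) {
    memset(y, 0, len);
    for (size_t i = 0; i < len; i++)
        for (int j = t - 1; j >= 0; j--) y[i] = (uint8_t)(gf_mul(y[i], x) ^ coef[i * t + j]);
}
/* combine: Lagrange interpolation at 0 from t shares, share j at ys[j*len]. */
void sss_combine(const uint8_t *xs, const uint8_t *ys, int t, size_t len, uint8_t *out) {
    memset(out, 0, len);
    for (int j = 0; j < t; j++) {
        uint8_t num = 1, den = 1;
        for (int m = 0; m < t; m++)
            if (m != j) { num = gf_mul(num, xs[m]); den = gf_mul(den, xs[m] ^ xs[j]); }
        uint8_t l = gf_mul(num, gf_inv(den));   /* basis polynomial value at 0 */
        for (size_t i = 0; i < len; i++) out[i] ^= gf_mul(l, ys[j * len + i]);
    }
}
int sss_demo(void) {  /* constructed threshold-3 run; 1 = secret rebuilt */
    uint8_t secret[16] = "sample-secret", coef[48], ys[48], out[16], xs[3] = {2, 4, 5};
    if (sss_setup(secret, 16, 3, coef)) return -1;
    for (int j = 0; j < 3; j++) sss_get_share(coef, 16, 3, xs[j], ys + j * 16);
    sss_combine(xs, ys, 3, 16, out);
    return memcmp(out, secret, 16) == 0;
}
int main(void) { return sss_demo() == 1 ? 0 : 1; }
```

Share indices must be distinct and non-zero: evaluating at x = 0 returns the secret itself, and a repeated x makes the interpolation denominator zero.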
