Integrating n-of-m threshold scheme
Werner Koch
wk at gnupg.org
Mon Sep 7 19:24:29 CEST 2015
On Sat, 5 Sep 2015 19:47, andreas.schwier.ml at cardcontact.de said:
> One idea is to provide an additional set of commands in scdaemon that
> allow a secondary application to perform authentication. The other idea
> is to provide a separate tool like pinentry that performs the
> authentication steps. Ideally the scheme should allow remote
> authentication, e.g. where key custodians can connect over the Internet
FWIW: There used to be a remote feature in scdaemon (RAPDU) to access
card services from remote using an ssh connection. It actually worked
once upon a time but it was not finished due bankrupt of the customer.
The main problem with secret sharing is obviously the user interface and
the very reason why we do not yet have this in GnuPG. There was an
interesting project which might be useful for ideas:
https://lists.gnupg.org/pipermail/gnupg-devel/2008-July/024506.html
https://lists.gnupg.org/pipermail/gnupg-devel/2008-November/024662.html
http://nwl.cc/cgi-bin/git/gitweb.cgi?p=ssd.git;a=summary
What are the use cases you have in mind?
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list