Integrating n-of-m threshold scheme

Werner Koch wk at gnupg.org
Mon Sep 7 19:24:29 CEST 2015


On Sat,  5 Sep 2015 19:47, andreas.schwier.ml at cardcontact.de said:

> One idea is to provide an additional set of commands in scdaemon that
> allow a secondary application to perform authentication. The other idea
> is to provide a separate tool like pinentry that performs the
> authentication steps. Ideally the scheme should allow remote
> authentication, e.g. where key custodians can connect over the Internet

FWIW: There used to be a remote feature in scdaemon (RAPDU) to access
card services from remote using an ssh connection.  It actually worked
once upon a time but it was not finished due to the bankruptcy of the customer.

The main problem with secret sharing is obviously the user interface and
the very reason why we do not yet have this in GnuPG.  There was an
interesting project which might be useful for ideas:

 https://lists.gnupg.org/pipermail/gnupg-devel/2008-July/024506.html
 https://lists.gnupg.org/pipermail/gnupg-devel/2008-November/024662.html
 http://nwl.cc/cgi-bin/git/gitweb.cgi?p=ssd.git;a=summary

What are the use cases you have in mind?


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



