Secret Sharing in GPG
Dashamir Hoxha
dashohoxha at gmail.com
Mon Jan 18 15:57:38 CET 2016
On Sun, Jan 17, 2016 at 11:03 PM, Dashamir Hoxha <dashohoxha at gmail.com> wrote:
>
> In terms of `gpg` commands and options it could be described like this:
>
> 1. When generating a new key use the option `--split` like this:
> `gpg --gen-key --split`
>
> Without the option `--split` the command will have the normal behaviour
> of just generating a new key pair. With `--split` it will require a
> smart-card to be present, otherwise it will fail.
> After generating the key pair, it will split the private key into 3 shares,
> will save one partial key locally (on the keyring), one on the smart-card,
> and one on `private-key-backup.tgz`, and then will erase the private key.
> It is the responsibility of the user to store `private-key-backup.tgz`
> on a proper backup device (cloud, usb or whatever).
>
> 2. When an operation that needs the private key is requested (either sign
> or decrypt), if only a partial key is available (not the whole private key),
> then the presence of the smart-card will be required. Then the partial key
> of the smart-card will be combined with the local partial key in order to
> reconstruct the private key, the private key will be used to complete the
> operation, then the private key will be erased.
>
> 3. Assuming that the smart-card or the laptop has been lost (one of the
> partial keys has been lost), we should be able to recover the private key
> like this:
> `gpg --recover-key --backup-file=private-key-backup.tgz`
>
> This will get the partial key from `private-key-backup.tgz`, will get
> another partial key from the smart-card or from the local key ring, will
> reconstruct the private key, will generate three other partial keys, will
> save one of them on the local key ring (replacing the old partial, if it is
> there), will store the second one on the smart-card (replacing the old
> partial if it is there), will store the third partial on the file
> `private-key-new-backup.tgz` (and will delete `private-key-backup.tgz`),
> and finally will erase the private key.
> Then, it is the responsibility of the user to store the file
> `private-key-new-backup.tgz` on the backup device (cloud or usb).
>
A usage case that I have missed is this:

4. When editing a solid private key, the user can have an option (command)
to convert it to a split key. It will save a partial key on the smart-card,
a partial key on the key-ring, and a third partial on a backup file. Then
erase the solid private key from the key-ring.
The reverse should also be possible: converting a split key into a solid key.
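The proposal above (three partial keys, any two of which rebuild the private key; lose one, recover from the other two and issue a fresh set) is a 2-of-3 threshold scheme. The following is an added illustration of that arithmetic and is not GnuPG code, nor does it implement the proposed `--split` / `--recover-key` options; it assumes the partial keys would be Shamir-style shares computed byte by byte over GF(256), the field used by tools such as ssss. The function names (`split_secret`, `recover_secret`, `reshare`) and the sample key bytes are constructed for this example.

```python
"""2-of-3 (in general k-of-n) secret sharing over GF(256), byte by byte.

Added illustration, not GnuPG code.  It models the proposal's three
partial keys (keyring, smart-card, backup) and the "recover from two
shares, then re-share" step, so that a lost share is replaced by a new,
unrelated set of shares.
"""
import secrets


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse: a^254 == a^-1 because the group has order 255."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(256)")
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def split_secret(secret, k, n):
    """Split `secret` into n shares (x, bytes); any k of them reconstruct it.

    x runs 1..n because x = 0 would evaluate to the secret itself.  For every
    byte a fresh random polynomial of degree k-1 is drawn with the secret
    byte as constant term, so fewer than k shares carry no information.
    """
    if not 1 < k <= n < 256:
        raise ValueError("need 1 < k <= n < 256")
    shares = [(x, bytearray()) for x in range(1, n + 1)]
    for s in secret:
        coeffs = [s] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, buf in shares:
            y = 0
            for c in reversed(coeffs):      # Horner evaluation of the polynomial at x
                y = gf_mul(y, x) ^ c
            buf.append(y)
    return [(x, bytes(buf)) for x, buf in shares]


def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x = 0 from k distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("shares must have distinct non-zero x coordinates")
    # The Lagrange weights depend only on the x values, so compute them once
    # instead of once per byte.  In characteristic 2, subtraction is XOR.
    weights = []
    for i, xi in enumerate(xs):
        w = 1
        for j, xj in enumerate(xs):
            if i != j:
                w = gf_mul(w, gf_mul(xj, gf_inv(xi ^ xj)))
        weights.append(w)
    out = bytearray()
    for pos in range(len(shares[0][1])):
        acc = 0
        for w, (_, ys) in zip(weights, shares):
            acc ^= gf_mul(w, ys[pos])
        out.append(acc)
    return bytes(out)


def reshare(surviving_shares, k, n):
    """Step 3 of the proposal: rebuild the key from the shares still held,
    draw a completely new share set, and drop the reconstructed key.
    (Python cannot guarantee the old bytes are wiped from memory; a real
    implementation would zeroise the buffer explicitly.)"""
    key = recover_secret(surviving_shares)
    fresh = split_secret(key, k, n)
    del key
    return fresh


if __name__ == "__main__":
    private_key = b"constructed sample key material, not a real private key"
    keyring, card, backup = split_secret(private_key, 2, 3)
    # normal operation: keyring share + smart-card share
    assert recover_secret([keyring, card]) == private_key
    # smart-card lost: recover from backup + keyring, then issue new shares
    keyring2, card2, backup2 = reshare([backup, keyring], 2, 3)
    assert recover_secret([keyring2, card2]) == private_key
    assert card2[1] != card[1]          # old card share is now useless
    print("2-of-3 split, recovery and re-share OK")
```

Two details worth noting for anyone prototyping this: the share coordinate x must never be 0 (that share would be the secret in the clear), and after a re-share the old shares are independent of the new ones, so a share on a lost smart-card cannot be combined with any of the replacements.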