Secret Sharing in GPG

Dashamir Hoxha dashohoxha at
Mon Jan 18 15:57:38 CET 2016

On Sun, Jan 17, 2016 at 11:03 PM, Dashamir Hoxha <dashohoxha at>

> In terms of `gpg` commands and options it could be described like this:
> 1. When generating a new key use the option `--split` like this:
>      `gpg --gen-key --split`
>     Without the option `--split` the command will have the normal behaviour
>     of just generating a new key pair.
>     With `--split` it will require a smart-card to be present, otherwise
>     it will fail.
>     After generating the key pair, it will split the private key into 3
>     shares, will save one partial key locally (on the keyring), one on the
>     smart-card, and one on `private-key-backup.tgz`, and then will erase
>     the private key.
>     It is the responsibility of the user to store `private-key-backup.tgz`
>     on a proper backup device (cloud, usb or whatever).
> 2. When an operation that needs the private key is requested (either sign
>     or decrypt), if only a partial key is available (not the whole private
>     key), then the presence of the smart-card will be required. Then the
>     partial key of the smart-card will be combined with the local partial
>     key in order to reconstruct the private key, the private key will be
>     used to complete the operation, then the private key will be erased.
> 3. Assuming that the smart-card or the laptop has been lost (one of the
>     partial keys has been lost), we should be able to recover the private
>     key like this:
>     `gpg --recover-key --backup-file=private-key-backup.tgz`
>     This will get the partial key from `private-key-backup.tgz`, will get
>     another partial key from the smart-card or from the local key ring,
>     will reconstruct the private key, will generate three other partial
>     keys, will save one of them on the local key ring (replacing the old
>     partial, if it is there), will store the second one on the smart-card
>     (replacing the old partial if it is there), will store the third
>     partial on the file `private-key-new-backup.tgz` (and will delete
>     `private-key-backup.tgz`), and finally will erase the private key.
>     Then, it is the responsibility of the user to store the file
>     `private-key-new-backup.tgz` on the backup device (cloud or usb).

A usage case that I have missed is this:

4. When editing a solid private key, the user can have an option (command)
    to convert it to a split key. It will save a partial key on the
    smart-card, a partial key on the key-ring, and a third partial on a
    backup file. Then erase the solid private key from the key-ring.
    The reverse should also be possible: converting a split key into a
    solid key.
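The four flows above (split on generation, combine-use-erase for sign/decrypt, recover-and-reshare after a loss, and the solid/split conversions) all amount to a 2-of-3 threshold scheme over the private key. The following Python is an added example written for this thread, not GnuPG code and not something any `gpg` option implements; it shows Shamir secret sharing over a prime field with the three holders named `keyring`, `smartcard` and `backup` (labels only, not gpg storage). It assumes the secret is a single integer below the field modulus; a real OpenPGP private key would be shared chunk by chunk or by sharing a key-encryption key that wraps it.

```python
"""Added example (not GnuPG code): 2-of-3 Shamir secret sharing of a private key,
modelling the split / use / recover / unsplit flows described in the proposal."""
import secrets

# Prime field modulus (2^127 - 1, a Mersenne prime). The shared secret must be < P.
# Assumption for this example: the "private key" is one integer below P; a real
# OpenPGP key would be split chunk by chunk, or via a key-encryption key.
P = (1 << 127) - 1
N_SHARES, THRESHOLD = 3, 2          # three partial keys, any two reconstruct


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (lowest-degree coefficient first) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n=N_SHARES, k=THRESHOLD):
    """Return n points (x, f(x)) of a random degree-(k-1) polynomial with f(0) = secret."""
    if not 0 <= secret < P:
        raise ValueError("secret must be an integer in [0, P)")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the shares at x = 0 to get the secret back."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def split_key(secret):
    """Step 1 / item 4 (solid -> split): one partial per holder, solid key discarded."""
    keyring, card, backup = split_secret(secret)
    return {"keyring": keyring, "smartcard": card, "backup": backup}


def use_split_key(holders, operation):
    """Step 2: combine keyring + smart-card partials, run the operation, drop the key."""
    if "smartcard" not in holders:
        raise RuntimeError("smart-card partial key required")
    key = recover_secret([holders["keyring"], holders["smartcard"]])
    try:
        return operation(key)
    finally:
        del key   # the reconstructed key lives only for the duration of the operation


def recover_and_reshare(holders, lost):
    """Step 3: one holder lost; rebuild from the other two and issue a fresh share set."""
    survivors = [share for name, share in holders.items() if name != lost]
    if len(survivors) < THRESHOLD:
        raise RuntimeError("not enough partial keys to recover")
    secret = recover_secret(survivors)
    # Fresh random polynomial: a share taken from the old set is useless in
    # combination with any share of the new set, which is why step 3 re-splits.
    return split_key(secret)


def unsplit_key(holders):
    """Item 4 (split -> solid): reconstruct and keep the key; the partials become obsolete."""
    return recover_secret([holders["keyring"], holders["backup"]])


if __name__ == "__main__":
    # Constructed sample secret (15 bytes, not a real key).
    secret = int.from_bytes(bytes(range(1, 16)), "big")
    holders = split_key(secret)
    assert use_split_key(holders, lambda k: k) == secret
    new_holders = recover_and_reshare(holders, lost="smartcard")
    assert unsplit_key(new_holders) == secret
    print("split / use / recover / unsplit round-trips succeeded")
```

The point of the re-split in `recover_and_reshare` is the one the proposal's step 3 relies on: after a card or laptop is lost, the surviving pair must not keep the old polynomial, or the lost partial would still pair with either survivor.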