gpg question...

kevin lyda
Tue May 22 16:57:02 2001

i've been hunting on google looking for information on split or shared
keys.  i'm not sure of the terminology.

let's say you have a group of people that will have public key encrypted
files sent to them.  at any point you want to make sure that any *two* of
the people in that group can unlock a private key to decrypt those files.

so if bob, alice, charles and dorothy are to receive a file, all it
would take to decrypt it is bob and alice; alice and charles; charles
and dorothy; and so on.  any two could decrypt it.

now if i relax the requirement a bit and say that any one person in that
group can decrypt, then the following three solutions apply:

    1) the sender encrypts with all the public keys of the recipients.
       this is not as inefficient as it sounds, however it will *only*
       work for the situation where a single person can do the decrypt.
    2) a shared key.  simple for the sender, however it can only work if
       either one person can decrypt or every person is required to
    3) a split key.  a key pair is generated and then the private key
       is split into several parts.  depending on how it was configured
       at the time of the split, a certain number of pieces are required
       to have a full key.  pgp supports this (or at least i seem to
       recall reading about it - but i think it was only for windows
       and only in the professional version).  does gpg?

obviously #3 is the one i'm interested in because it combines the ease
of use for the sender for number 2, and a level of security beyond #1
(which is again beyond #2).


--          "Maybe one day downtrodden poo-eaters will
fork()'ed on 37058400       get a fair shake in Savage Love, but it's
meatspace place: work       not going to be today."                 --dan savage, "savage love"
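
Added example, not part of the post above and not code from gpg or PGP: a 2-of-4 split for the four people named in the post, using Shamir's secret sharing (a technique the post does not name). The secret is assumed to be the passphrase protecting the private key; the sample value, the names split/combine/demo and the field modulus are choices made for this illustration.

```python
import secrets
from itertools import combinations

P = 2**521 - 1  # prime field modulus (Mersenne prime); secrets must be < P

def split(secret: int, k: int, n: int) -> list[tuple[int, int]]:
    """Return n shares (x, y); any k of them recover the secret."""
    if not (1 <= k <= n < P and 0 <= secret < P):
        raise ValueError("bad threshold or secret out of range")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner's rule
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def combine(shares: list[tuple[int, int]]) -> int:
    """Lagrange-interpolate at x = 0. Fewer than k shares yields a wrong
    value rather than an error, so the caller must know k."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

PEOPLE = ["bob", "alice", "charles", "dorothy"]
# Constructed sample secret standing in for the private key's passphrase.
SECRET = int.from_bytes(b"constructed sample passphrase", "big")

def demo() -> tuple[bool, bool]:
    held = dict(zip(PEOPLE, split(SECRET, k=2, n=4)))
    pairs_ok = all(combine([held[a], held[b]]) == SECRET
                   for a, b in combinations(PEOPLE, 2))
    single_fails = combine([held["bob"]]) != SECRET
    return pairs_ok, single_fails

if __name__ == "__main__":
    print(demo())
```

Each person holds one (x, y) pair; the sender still encrypts to a single public key, and only the unlocking step needs two holders present.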
