Tue May 22 16:57:02 2001
i've been hunting on google looking for information on split or shared
keys. i'm not sure of the terminology.
let's say you have a group of people that will have public key encrypted
files sent to them. at any point you want to make sure that any *two* of
the people in that group can unlock a private key to decrypt those files.
so if bob, alice, charles and dorothy are to receive a file, all it
would take to decrypt it is bob and alice; alice and charles; charles
and dorothy; and so on. any two could decrypt it.
now if i relax the requirement a bit and say that any one person in that
group can decrypt, then the following three solutions apply:
1) the sender encrypts with all the public keys of the recipients.
this is not as inefficent as it sounds, however it will *only*
work for the situation where a single person can do the decrypt.
2) a shared key. simple for the sender, however it can only work if
either one person can decrypt or every person is required to
3) a split key. a key pair is generated and then the private key
is split into several parts. depending on how it was configured
at the time of the split, a certain number of pieces are required
to have a full key. pgp supports this (or at least i seem to
recall reading about it - but i think it was only for windows
and only in the professional version). does gpg?
obviously #3 is the one i'm interested in because it combines the ease
of use for the sender for number 2, and a level of security beyond #1
(which is again beyond #2).
email@example.com "Maybe one day downtrodden poo-eaters will
fork()'ed on 37058400 get a fair shake in Savage Love, but it's
meatspace place: work not going to be today."
http://suberic.net/~kevin --dan savage, "savage love"
Irish Linux Users' Group: firstname.lastname@example.org
http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
List maintainer: email@example.com