gpg question...

kevin lyda kevin@suberic.net
Tue May 22 16:57:02 2001


i've been hunting on google looking for information on split or shared
keys.  i'm not sure of the terminology.

let's say you have a group of people that will have public key encrypted
files sent to them.  at any point you want to make sure that any *two* of
the people in that group can unlock a private key to decrypt those files.

so if bob, alice, charles and dorothy are to receive a file, all it
would take to decrypt it is bob and alice; alice and charles; charles
and dorothy; and so on.  any two could decrypt it.

now if i relax the requirement a bit and say that any one person in that
group can decrypt, then the following three solutions apply:

    1) the sender encrypts with all the public keys of the recipients.
       this is not as inefficient as it sounds, however it will *only*
       work for the situation where a single person can do the decrypt.
    2) a shared key.  simple for the sender, however it can only work if
       either one person can decrypt or every person is required to
       decrypt.
    3) a split key.  a key pair is generated and then the private key
       is split into several parts.  depending on how it was configured
       at the time of the split, a certain number of pieces are required
       to have a full key.  pgp supports this (or at least i seem to
       recall reading about it - but i think it was only for windows
       and only in the professional version).  does gpg?

obviously #3 is the one i'm interested in because it combines the ease
of use for the sender for number 2, and a level of security beyond #1
(which is again beyond #2).

kevin

-- 
kevin@suberic.net          "Maybe one day downtrodden poo-eaters will
fork()'ed on 37058400       get a fair shake in Savage Love, but it's
meatspace place: work       not going to be today."
http://suberic.net/~kevin                 --dan savage, "savage love"

-- 
Irish Linux Users' Group: ilug@linux.ie
http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
List maintainer: listmaster@linux.ie