Split private Key

Clayton Haapala clay@haapi.mn.org
Wed Sep 12 16:40:01 2001


On Wed, Sep 12, 2001 at 06:06:45AM -0700, Michael Sierchio wrote:

>
> matt wrote:
>
> > Use dd(1). Say the key is 1000B:
> > $ dd if=key.file of=key.file.1 bs=300 count=1
> > $ dd if=key.file of=key.file.2 bs=300 skip=1 count=1
> > $ dd if=key.file of=key.file.3 bs=300 skip=2
> >
>
> This reveals key bits to the holders, however. Using
> a K-of-N threshold scheme, or even a simple XOR, prevents
> the holders from having any knowledge of the key bits.

Why not encrypt the Certificate key, prior to splitting it, with a public RSA or DSS key that you do not publish? Then any holder would have to have the associated private key AND all the other parts to do any damage.

-- Clay
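
The simple XOR split mentioned in the quoted reply, set beside the dd-style chunking it is contrasted with, as an added example that is not part of the original thread. The function names and the sample key are constructed for illustration.

```python
from __future__ import annotations

import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_xor(key: bytes, n: int) -> list[bytes]:
    """N-of-N split: n-1 random pads, plus the key XORed with all of them.

    Each share alone is uniformly random, so no holder learns key bits.
    """
    if n < 2:
        raise ValueError("need at least two holders")
    pads = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    return pads + [reduce(xor_bytes, pads, key)]


def combine_xor(shares: list[bytes]) -> bytes:
    """Recover the key; every share must be present."""
    return reduce(xor_bytes, shares)


def split_chunks(key: bytes, size: int, n: int) -> list[bytes]:
    """dd-style split: n-1 blocks of `size` bytes, the last holder gets the rest.

    Each holder receives a literal slice of the key material.
    """
    parts = [key[i * size:(i + 1) * size] for i in range(n - 1)]
    return parts + [key[(n - 1) * size:]]


if __name__ == "__main__":
    key = secrets.token_bytes(1000)          # constructed stand-in for key.file
    chunks = split_chunks(key, 300, 3)
    shares = split_xor(key, 3)
    print("chunk 1 is a key prefix:", chunks[0] == key[:300])
    print("share 1 is a key prefix:", shares[0][:300] == key[:300])
    print("all shares recover key: ", combine_xor(shares) == key)
    print("two shares recover key: ", combine_xor(shares[:2]) == key)
```

XOR splitting is N-of-N: losing any one share loses the key, which is what a K-of-N threshold scheme avoids.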