Split private Key

Wed Sep 12 16:40:01 2001

On Wed, Sep 12, 2001 at 06:06:45AM -0700, Michael Sierchio wrote:

> 

> matt wrote:

> 

> > Use dd(1). Say the key is 1000B:

> > $ dd if=key.file of=key.file.1 bs=300 count=1

> > $ dd if=key.file of=key.file.2 bs=300 skip=1 count=1

> > $ dd if=key.file of=key.file.3 bs=300 skip=2

> > 

> 

> This reveals key bits to the holders, however.  Using

> a K-of-N threshold scheme, or even a simple XOR,  prevents

> the holders from having any knowledge of the key bits.


Why not encrypt the Certificate key, prior to splitting it,
with a public RSA or DSS key that you do not publish?  Then any holder
would have to have the associated private key AND all the other parts to
do any damage.
--
Clay