splitting keys

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Fri Feb 21 10:01:01 2003

On Fri, 2003-02-21 at 01:14, David Picon Alvarez wrote:

> Is it likely that secret sharing will be ever incorporated in GnuPG? By
> secret sharing I understand the following, but maybe I'm wrong:

The big problem with key sharing algorithms is: where do you do the
computation? Where do you assemble the key, and how do you guarantee
that the owner of that computer does not keep a copy of the assembled
key? IIRC, the classical key sharing algorithms work by distributing a
secret (without any knowledge about what that secret is), the assembled
secret is then used as key.

I'm told this problem can be solved, there are algorithms where you can
distribute the computation without the whole key ever being assembled.
But I'm not into that, so you'll have to do your own research
(especially: I don't know if any of these algorithms are developed far
enough to be actually useable).

It's just my opinion that unless this problem is solved, key
distribution/sharing algorithms shouldn't go into gpg. As soon as you
require one designated computer to be trusted, you've lost.

(corrections welcome - I'm not that sure about it all)

-- vbi


Is that still your insanely big key? I dare not verify your signatures,
because gpg is sooooo slooooooowwww. Really defeats the purpose of
digital signatures...

featured link: http://fortytwo.ch/smtp
