Splitting a GPG private key
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Apr 7 15:58:19 CEST 2015
On Tue 2015-04-07 09:14:09 -0400, Alfredo Palhares wrote:
> [dkg wrote:]
>> Do you want to require multiple people to come together to use that
>> secret key? or do you want them each to have the ability to use the key
>> independently from each other?
> The objective is require multiple people to use that secret key. Yes
This is still ambiguous to me. I described two distinct cases, and i'm
not sure which one you are agreeing to. From the rest of your message,
i think you're agreeing to the first question, but not the second.
>> The answer about what to do would depend on how you want the key to be
> Basically this key would a part of the encryption group of all the other
> credentails. And to be the only key to encrypt extremely sensitive data
I don't know what "the encryption group" means. can you explain
further? I think you might mean that everything encrypted to any key
will also be encrypted to this key; and that some especially sensitive
material will *only* be encrypted to this key.
>> My understanding is that the Tails community does something like this,
>> but they are a highly-technical group who are willing to custom-build
>> their own tools and to endure quite a bit of tedious and inconvenient
>> process to protect the safety of their users.
> Do they have this documented somewhere.
* Is not owned in a usable format by any single individual. It is split
cryptographically using gfshare.
gfshare is: http://www.digital-scurf.org/software/libgfshare
If you have more questions about how they this, you may wish to ask them
to the tails folks themselves:
I find that their mailing lists and IRC channel (see "Support List" and
"Chat" at the bottom of the page) are usually pretty helpful and
responsive to well-framed questions.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 948 bytes
Desc: not available
More information about the Gnupg-users