Splitting a GPG private key

Bob (Robert) Cavanaugh robertc at broadcom.com
Tue Apr 7 19:29:59 CEST 2015


Alfredo,
I don't have any personal experience with splitting the key. What we do at my employer is split the secret key passphrase. Yes, this is a manual process but very secure. For highly important keys we assign six trusted individuals, three have defined one half of the passphrase and three have defined the other half. The halves are backed up physically and stored securely in two separate locations. No one person knows the entire passphrase ever. When encryption is required, one person from each of the three people physically inputs their half of the passphrase. Decryption happens normally. Obviously this only works if you only encrypt a small amount of secret material or do it infrequently. We have found this to be a very secure method.

Thanks,
 
Bob Cavanaugh
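The split-passphrase procedure described in the message above, sketched as an added example (not code from the poster or from GnuPG): because the two halves are simply concatenated, anyone who holds one half only has to guess the other, so each half needs to carry the full entropy target on its own. The alphabet, the 80-bit target, the function names and the file name `secret.gpg` are assumptions made for illustration.

```python
import math
import secrets
import string
import subprocess

# Assumed policy: 36 symbols that are easy to type during a ceremony.
ALPHABET = string.ascii_lowercase + string.digits

def half_length(bits_per_half):
    """Characters needed so that one half alone carries bits_per_half of entropy."""
    return math.ceil(bits_per_half / math.log2(len(ALPHABET)))

def new_half(bits_per_half=80):
    """Generate one custodian group's half from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(half_length(bits_per_half)))

def residual_bits(half_len, halves_known):
    """Entropy still unknown to someone who already knows 0, 1 or 2 of the halves."""
    return (2 - halves_known) * half_len * math.log2(len(ALPHABET))

def join_halves(half_a, half_b):
    """Concatenate in a fixed order (group A first), dropping stray typed whitespace."""
    a, b = half_a.strip(), half_b.strip()
    if not a or not b:
        raise ValueError("one custodian from each group must enter a half")
    return a + b

def run_gpg(half_a, half_b, gpg_args):
    """Pass the joined passphrase to gpg on stdin so it never appears in argv or on disk."""
    cmd = ["gpg", "--batch", "--pinentry-mode", "loopback",
           "--passphrase-fd", "0", *gpg_args]
    secret = (join_halves(half_a, half_b) + "\n").encode()
    return subprocess.run(cmd, input=secret, check=True)

if __name__ == "__main__":
    import getpass
    # Each custodian types at the same console without echo.
    a = getpass.getpass("Group A custodian, enter your half: ")
    b = getpass.getpass("Group B custodian, enter your half: ")
    run_gpg(a, b, ["--decrypt", "secret.gpg"])  # hypothetical file name
```
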

