Partial/fragmented decryption keys
dgouttegattat at incenp.org
Sun Dec 8 21:54:53 CET 2019
On Sun, Dec 08, 2019 at 10:48:47AM -0700, Joseph Bruni via Gnupg-users wrote:
>I recall from the early days of PGP that there was a way to create a
>corporate key, fragmented into a certain number of potions, which would
>require some quorum to be able to perform decryption. [...] Is this
>still possible in OpenPGP and therefore in GnuPG?
The OpenPGP RFC  seems to acknowledge this possibility by defining a
flag that can be set on a public key to indicate that the corresponding
private key “may have been split by a secret-sharing mechanism” (§
188.8.131.52). But it does not provide any details about how that feature
should be implemented, leaving that entirely to the implementations
(which makes sense, I guess, since what an implementation does with a
private key is not supposed to have an impact on interoperability, and
so does not need to be specified).
I don’t know about early (or even more recent) PGP versions, but GnuPG
does not have such a feature. If you are interested the topic has been
discussed a few years ago on the -devel mailing list .
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: not available
More information about the Gnupg-users