Partial/fragmented decryption keys
Philip Jackson
philip-jackson at gmx.com
Sun Dec 8 20:41:05 CET 2019
On 08/12/2019 18:48, Joseph Bruni via Gnupg-users wrote:
> I recall from the early days of PGP that there was a way to create a corporate key, fragmented into a certain number of potions, which would require some quorum to be able to perform decryption. I pored over the GnuPG documentation but could not find an equivalent. Perhaps I’m just getting the terminology wrong. Is this still possible in OpenPGP and therefore in GnuPG?
I don't know about a solution within PGP but it sounds a bit like 'ssss' - Shamir's Secret Sharing Scheme.
I quote the description within Ubuntu linux distribution of the ssss package :
"allows a secret to be split in to shares.
These shares can then be distributed to different people. When the time comes
to retrieve the secret then a preset number of the shares need to be combined.
The number of shares created, and the number needed to retrieve the secret
are set at splitting time. The number of shares required to re-create the
secret can be chosen to be less that the number of shares created, so any
large enough subset of the shares can retrieve the secret.
This scheme allows a secret to be shared, either to reduce the chances that
the secret is lost, or to increase the number of parties that must cooperate
to reveal the secret."
hhh
Philip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191208/ce10a492/attachment.html>
More information about the Gnupg-users
mailing list