Partial/fragmented decryption keys

Wiktor Kwapisiewicz wiktor at
Mon Dec 9 21:40:27 CET 2019


> I recall from the early days of PGP that there was a way to create a corporate key, fragmented into a certain number of potions, which would require some quorum to be able to perform decryption. I pored over the GnuPG documentation but could not find an equivalent. Perhaps I?m just getting the terminology wrong. Is this still possible in OpenPGP and therefore in GnuPG?

It is indeed not implemented in GnuPG.

In case you're curious on how does it work in Symantec PGP here's the 

and a video tutorial:

Symantec recommends this feature for "extremely high security keys" by 
which I guess they mean designated revoker key or additional decryption 
key. Their implementation seems to bring all private keys to one trusted 
computer to reconstruct the combined key.

As others mentioned there is a flag for marking an OpenPGP key as 
"split" in the spec so theoretically it could implemented in free software.

One project that's close is DKGPG but mind that it "should NOT be used 
in production environments". Check out the following links:

Hope this helps!

Kind regards,


More information about the Gnupg-users mailing list