Suggestions of standards added to openpgp/Gnupg/LibrePgp
Jakob Bohm
jb-gnumlists at wisemo.com
Wed Apr 1 00:58:59 CEST 2026
On 31/03/2026 17:09, Hakun_the_eril via Gnupg-users wrote:
> Oh I was not aware of that.
>
> My arguments are:
> Shamir's secret has been around since 1979, I find it odd that it is
> not included in OpenPGP.
You mean "secret sharing scheme", not any of the other things he made that
deal with secrets?
> It could add things like distributed key custody, hardware enforced
> split custody. Right now, if someone with a key leaves or dies,
> important encrypted data gets lost.
> That would cause issues for any organization. It could also fix the
> plausible "only one person knows the password" to a "K of N can
> cooperate" situation.
> That would also work for an encrypted file system, split into parts.
> If a hardware token has, say, 256 GB space, then it can be a part of
> a Shamir's secret scheme. 4 out of 6 keys could be used to recreate
> the shared encrypted file system on an empty drive.
Copying the deeply protected secret stuff to a plaintext copy on a
device with unknown deletion abilities is a clear security risk that
should not be taken.
Instead create an intermediary layer that extracts the secret key from the
sharing scheme and keeps it in memory just long enough to access the actual
secret data (such as PGP private keys) on the fly.
>
>
> Ephemeral signed elliptic curve Diffie-Hellman is usable, because it
> will solve a forward security issue.
> If you encrypt, say, radio transmissions with the same key over long
> periods, anyone who gets hold of that key can decrypt old transmissions.
> TLS 1.3, the Signal protocol and versions of OpenSSH that are newer
> than 5.7 support this.
Ephemeral DH (classic or ECC) only works if the recipient can send you
an ephemeral public key, thus not on any one-way channel such as
broadcast radio, e-mail, messages for the future etc. etc.
Signing the keys makes sense only if there is a risk that an attacker
sends you a different key, which there often is, but it is not a given,
since some means will eventually be needed to establish trust in the
party whose key you need to trust.
>
> I have no business relations with Baochip, I just think it's
> interesting and neat.
>
>
> On Tue, 31 Mar 2026 at 16:27, Robert J. Hansen via Gnupg-users
> <gnupg-users at gnupg.org> wrote:
>
> Hakun, this list overwhelmingly prefers plain text, not HTML. Some list
> members (including Werner!) simply don't read HTML-composed emails. And
> sometimes, HTML emails render in a format that makes it impossible
> to read.
>
> > As the Baochip-x1 has the hardware to do a lot of cryptographic
> > functions like active zeroisation, Ed25519 signed boot, Glitch sensors,
> > security mesh, PV sensor, ECC-protected RAM, Algorithm-agnostic engine
> > etc I think that these could be added to standards.
>
> Why?
>
> That's the basic question here. What is the use case for LibrePGP that
> isn't being adequately addressed by the spec, and how would these
> changes mitigate that shortcoming?
>
> If you can give a good and terse answer to that question I'll be happy
> to consider this proposal.
>
> > The baochips specs can be found here: https://www.baochip.com/
>
> Do you have any business relationship to this vendor?
>
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded