Splitting a GPG private key

Alfredo Palhares masterkorp at masterkorp.net
Tue Apr 7 15:14:09 CEST 2015


Hello Daniel,

> Do you want to require multiple people to come together to use that
> secret key?  or do you want them each to have the ability to use the key
> independently from each other?

The objective is to require multiple people to use that secret key. Yes.

> The answer about what to do would depend on how you want the key to be
> used.

Basically this key would be a part of the encryption group of all the other
credentials. And to be the only key to encrypt extremely sensitive data.

> It's not clear to me that we have a functional workflow to support the
> first scenario (where multiple people must come together to use the
> secret key) without a lot of overhead for the users.

> My understanding is that the Tails community does something like this,
> but they are a highly-technical group who are willing to custom-build
> their own tools and to endure quite a bit of tedious and inconvenient
> process to protect the safety of their users.

Do they have this documented somewhere?

> Consider that anyone who ever has access to the raw secret material of
> the shared key can effectively make a copy of it and then use it
> elsewhere in the future.

Yes, the key joining is a whole process on an offline machine with the presence
of all elements.

> If you can define your desired use cases more clearly, maybe someone on
> this list can propose an effective workflow for you.

I am open to any suggestions.

Thank you for your input!

-- 
Alfredo Palhares
GPG/PGP Key Fingerprint
68FC B06A 6C22 8B9B F110
38D6 E8F7 4D1F 0763 CAAD