Partial/fragmented decryption keys
Damien Goutte-Gattat
dgouttegattat at incenp.org
Sun Dec 8 21:54:53 CET 2019
On Sun, Dec 08, 2019 at 10:48:47AM -0700, Joseph Bruni via Gnupg-users wrote:
>I recall from the early days of PGP that there was a way to create a
>corporate key, fragmented into a certain number of potions, which would
>require some quorum to be able to perform decryption. [...] Is this
>still possible in OpenPGP and therefore in GnuPG?
The OpenPGP RFC [1] seems to acknowledge this possibility by defining a
flag that can be set on a public key to indicate that the corresponding
private key “may have been split by a secret-sharing mechanism” (§
5.2.3.1). But it does not provide any details about how that feature
should be implemented, leaving that entirely to the implementations
(which makes sense, I guess, since what an implementation does with a
private key is not supposed to have an impact on interoperability, and
so does not need to be specified).
I don’t know about early (or even more recent) PGP versions, but GnuPG
does not have such a feature. If you are interested the topic has been
discussed a few years ago on the -devel mailing list [2].
Cheers,
- Damien
[1] https://tools.ietf.org/html/rfc4880#section-5.2.3.21
[2]
https://lists.gnupg.org/pipermail/gnupg-devel/2016-January/030681.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191208/fd8df993/attachment.sig>
More information about the Gnupg-users
mailing list