Split private key in order to share among users
Andrew Gallagher
andrewg at andrewg.com
Sun Dec 20 11:05:25 CET 2020
> On 20 Dec 2020, at 09:19, Alexander Kriegisch <alexander at kriegisch.name> wrote:
>
> The original PGP used to have this feature around 20 years ago already,
> maybe some people remember. In the list archive I found two threads,
> both several years old, asking about this feature in GnuPG, but there
> were no conclusive answers, only workaround suggestions like to split
> the binary or ASCII key file or print the password and share parts of
> the passwords, neither of which satisfy the original requirements
> covered by the original PGP functionality. Example:
>
> I split a private key file with PGP into these shares:
> -- User A gets a piece of key worth 2 shares.
> -- User B gets a piece of key worth 2 shares.
> -- User C gets a piece of key worth 1 share.
> -- User D gets a piece of key worth 1 share.
> -- User E gets a piece of key worth 1 share.
> -- User F gets a piece of key worth 1 share.
>
> I define that at least 5 shares are necessary to re-assemble a valid
> decryption key, i.e. we need for example
> -- A + B + one other user
> -- C + D + E + either A or B
> for decryption.
>
You’re referring to Shamir’s secret sharing scheme, for which several implementations exist. If you are using Linux, it should be as simple as installing the “ssss” package.
A
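The weighted split from the quoted example, as an added sketch that is not part of either message and is not the code of the ssss package: Shamir's scheme deals 8 shares with a threshold of 5, and users A and B each hold two of them. It assumes the secret is a value of at most 520 bits (for instance a random passphrase protecting the exported private key); the field prime and the function names are choices made for this example.

```python
import secrets

P = 2**521 - 1  # Mersenne prime (assumed field); secrets must be < P
WEIGHTS = {"A": 2, "B": 2, "C": 1, "D": 1, "E": 1, "F": 1}  # from the thread
THRESHOLD = 5                                               # from the thread

def split(secret, threshold, n):
    """n points on a random polynomial of degree threshold-1 with f(0)=secret."""
    if not (0 <= secret < P and 1 <= threshold <= n):
        raise ValueError("secret or threshold out of range")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def combine(shares):
    """Lagrange interpolation at x=0; wrong result if too few shares are given."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def deal(secret):
    """Hand each user as many shares as their weight."""
    pool = iter(split(secret, THRESHOLD, sum(WEIGHTS.values())))
    return {user: [next(pool) for _ in range(w)] for user, w in WEIGHTS.items()}

def recover(holdings, users):
    """Pool the named users' shares and rebuild the secret if they reach 5."""
    pooled = [s for u in users for s in holdings[u]]
    if len(pooled) < THRESHOLD:
        raise ValueError("not enough shares")
    return combine(pooled[:THRESHOLD])

if __name__ == "__main__":
    key = secrets.randbits(256)         # constructed sample secret
    print(recover(deal(key), ["A", "B", "C"]) == key)
```

With the ssss package the same layout is `ssss-split -t 5 -n 8`, giving two of the printed shares each to A and B and one each to the others.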
More information about the Gnupg-users mailing list