From: firstname.lastname@example.org (Archimboldo)
Message Hash: 8f617eeb83bf3742e02892753195d48238e00b38a60ea22471d389b58c31c6c7
Message ID: <9311122332.AA17912@anon.penet.fi>
Reply To: N/A
UTC Datetime: 1993-11-12 23:33:46 UTC
Raw Date: Fri, 12 Nov 93 15:33:46 PST
From: email@example.com (Archimboldo) Date: Fri, 12 Nov 93 15:33:46 PST To: firstname.lastname@example.org Subject: Key Sharing Protocols Message-ID: <9311122332.AA17912@anon.penet.fi> MIME-Version: 1.0 Content-Type: text/plain I'm working on an internal protocol for securing company records and I'd like to solicit some net.wisdom. One of my requirements is to ensure that no data is lost if an employee quits, is fired, dies, etc. At the same time, I don't want to have a security officer with the "keys to the castle" for every user. I've had these ideas, so far. * Use PGP for all encryption, for both E-mail and personal files on disk. * For personal files, encrypt with your own public key. This allows all files and communications to be encrypted while using one passphrase, which may be changed without having to re- encrypt files. To allow for loss of a passphrase, for whatever reason, use a secret sharing protocol to split the secret key of the user into several pieces, held by designated security officers. Reconstruction of the key will require cooperation by "n" security officers. I have some problems with this. * While I can extract the secret key from the user's private keyring, it is still encrypted by the user's passphrase. Is there any method for extracting an unencrypted key? * If there is no way to produce an unencrypted key, I could have the user extract her key after setting her passphrase to some standard value, and then change it again after extraction. * How can I ensure, without reconstructing the key from my secret sharers, that the key and passphrase I have been given are, in fact, correct. If I could produce an unencrypted key, I would just have to verify that this was the correct private RSA key. If the private key can only be extracted encrypted, I have to verify both the standard passphrase and the private RSA key. I would be interested in comments and suggestions on this proposed protocol and the unresolved issues. My intent is that a user be able to generate a key pair, run a job to split the key into n segments for the sharers and have the sharers able to verify that they have the correct key, without having to reassemble the key. Has anyone implemented code for any of the secret sharing protocols, or am I going to have to reinvent this particular wheel? ------------------------------------------------------------------------- To find out more about the anon service, send mail to email@example.com. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to firstname.lastname@example.org.