On Sun, Aug 1, 2010 at 7:10 AM, Peter Gutmann <[email protected]> wrote:
> ...does anyone know of any significant use [of split keys] by
> J.Random luser? I'm interested in this from a usability point
> of view.
>
Maybe not J.Random but J.Corporate...

A few jobs ago back in the late '90s, I worked for Network Associates which had bought PGP (the company). We instituted the use of PGP (the technology) corporate-wide for email and encrypted disk volumes. PGP allows for enforceable key recovery - corporate clients demanded it. Our corporate key recovery key was split into, I think, 5 parts with 3 parts required for key recovery. The parts were held by various corporate executive/officer types.

The PGP product mostly hid from the end user the fact that every PGP-encrypted thing had an encrypted private key along with it (you could poke around and see the key recovery blob if you really wanted to). I don't know what the key recovery UI looked like.

>
> As a corollary, has anyone gone through the process of recovering a key from
> shares held by different parties...?
>
It just so happens, I lost my PGP private key a year or two into this (failed to copy it when transferring to a new desktop). We had well documented procedures for key recovery. I never got my key or data back. I was never informed why. Perhaps the seldom used key recovery software had bugs and wouldn't work for my key, or we couldn't get the required big wigs into one room, or, probably most likely, at least three big wigs lost their shares.

---- Michael Heyman
