Hi,
I recall from the early days of PGP that there was a way to create a corporate
key, fragmented into a certain number of portions, which would require some
quorum to be able to perform decryption. I pored over the GnuPG documentation
but could not find an equivalent. Perhaps I'm just getting the terminology
wrong. Is this still possible in OpenPGP and therefore in GnuPG?
It is indeed not implemented in GnuPG.
In case you're curious how it works in Symantec PGP, here's the
description:
https://support.symantec.com/us/en/article.HOWTO42097.html
and a video tutorial: https://www.youtube.com/watch?v=Q_Mpa8TOhU0
Symantec recommends this feature for "extremely high security keys" by
which I guess they mean designated revoker key or additional decryption
key. Their implementation seems to bring all private keys to one trusted
computer to reconstruct the combined key.
As others mentioned there is a flag for marking an OpenPGP key as
"split" in the spec so theoretically it could be implemented in free software.
One project that's close is DKGPG but mind that it "should NOT be used
in production environments". Check out the following links:
http://nongnu.org/dkgpg/
http://www.nongnu.org/libtmcg/kryptotag26_stamer_slides.pdf
Hope this helps!
Kind regards,
Wiktor
--
https://metacode.biz/@wiktor