Hi,

We're looking into setting up a CA with openssl, but we would like to distribute the secret key amongst multiple persons. We're aware of Shamir's secret sharing algorithm, but we'd like to know if there is some algorithm supported by openssl that fulfills the following requirements (2 and 3 are not fulfilled by Shamir's algorithm):

1. Secret key shared amongst N persons, M<N shares sufficient for using the key.

2. No secret material (or parts thereof) needs to be sent around, preferably not even during creation of the key.

3. Secret key will not be assembled from the shares for the actual operation. E.g. each share operates independently, and the intermediate result is sent around; after M key parts have operated on it, the signature is complete and can be used.

If this is not supported by openssl, we're also open to suggestions for other (open source, free-to-use) software that can achieve this and create standard X.509 certificates (not sure if I termed that correctly).

Thank you in advance!

Regards,
Erich


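Requirements 1 and 3 above, worked through as an added example that is not part of the original message and is not an OpenSSL feature: a toy M-of-N RSA signature following the structure of Shoup's threshold RSA scheme, where each holder applies only its own share and the private exponent is never reassembled. It assumes a trusted dealer (so requirement 2 is not met), textbook RSA without padding, and tiny constructed primes; all function names are hypothetical.

```python
import math
import random

# Constructed toy parameters: safe primes P = 2*509+1, Q = 2*593+1 (far too small for real use).
P, Q, E = 1019, 1187, 65537
N_MOD = P * Q
M_ORDER = ((P - 1) // 2) * ((Q - 1) // 2)   # order of the subgroup of squares mod N_MOD

def deal(n_parties, threshold, rng=random.SystemRandom()):
    """Dealer: Shamir-share the private exponent d over Z_m. Returns {party_index: share}."""
    d = pow(E, -1, M_ORDER)
    coeffs = [d] + [rng.randrange(M_ORDER) for _ in range(threshold - 1)]
    return {i: sum(c * i**k for k, c in enumerate(coeffs)) % M_ORDER
            for i in range(1, n_parties + 1)}

def partial_sign(x, share, n_parties):
    """Run by one share holder; only this partial signature leaves the holder."""
    delta = math.factorial(n_parties)
    return pow(x, 2 * delta * share, N_MOD)

def combine(x, partials, n_parties):
    """Combine {party_index: partial} from at least `threshold` holders; needs no key material.
    x must be coprime to N_MOD (negative exponents are inverted mod N_MOD)."""
    delta = math.factorial(n_parties)
    w = 1
    for j, x_j in partials.items():
        num, den = delta, 1
        for k in partials:
            if k != j:
                num, den = num * -k, den * (j - k)
        # delta makes the Lagrange coefficient at 0 an integer, so the division is exact.
        w = w * pow(x_j, 2 * (num // den), N_MOD) % N_MOD
    e_prime = 4 * delta * delta          # now w^E == x^e_prime (mod N_MOD)
    a = pow(e_prime, -1, E)              # e_prime*a + E*b == 1, since gcd(e_prime, E) == 1
    b = (1 - e_prime * a) // E
    return pow(w, a, N_MOD) * pow(x, b, N_MOD) % N_MOD

def verify(x, sig):
    """Ordinary RSA verification with the public key (N_MOD, E)."""
    return pow(sig, E, N_MOD) == x % N_MOD

if __name__ == "__main__":
    shares = deal(n_parties=5, threshold=3)
    x = 123456                           # constructed stand-in for a padded message digest
    partials = {i: partial_sign(x, shares[i], 5) for i in (1, 3, 5)}
    sig = combine(x, partials, 5)
    print("signature", sig, "verifies:", verify(x, sig))
```

The combined value is a standard RSA signature under the public key, so a verifier cannot tell it was produced by several holders.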