distributed secret key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

we're looking into setting up a CA with openssl, but we would like to distribute the secret key amongst multiple persons. We're aware of Shamir's secret sharing algorithm, but we'd like to know if there is some algorithm supported by openssl, that fulfills the following requirements (2 and 3 are not fulfilled by Shamir's algorithm):

1. Secret key shared amongst N persons, M<N shares sufficient for using the key.

2. No secret material (or parts thereof) needs to be sent around, preferably not even during creation of the key.

3. Secret key will not be assembled from the shares for the acutal operation. E.g. each share operates independently, and the intermediate result is sent around, after M keyparts operated on it, the signature is complete and can be used.

If this is not supported by openssl, we're also open for suggestions of other (open source, free-to-use) software, that can achieve this and creates standard X.509 certificates (not sure if I termed that correctly).

Thank you in advance!

Regards,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl7KRVMACgkQCu7JB1Xa
e1rhyBAAvzJUrwcyRLpdme/mWsF/ftuA8nqv/ccw4be9Q1Y/S72MU/7UhKW2dBE0
jp2tBV4zq5D3i37ElCy+Mco97cCQ+Ikg3pOtYaMYkK0hoybBlyX6onX0Y7jQhP2W
N2v07HaN5RxtunxJgh7wUkWMy5arigKY9e645vJh5c8Ii5pwBb8QMwwMUJfb/1Hv
5yrF4x8la3lmqQSsAwkj0FFhAAmh+Xe/v4D+uoEzmTHY7vi9hGJsAAYNmJkwsIAb
M/lK43wZRAXVbotFOVrud10wchBOSUtY0w6T5apmNJ/ArA61EbuFVtUUjjBYiv87
oVxr+3pydjJLDW4WczcKLKQdNbhGPhmmz4DDHxvhLXSTrtFAPUm4Qb3VeM1AO0it
Gs943eoBkUrga6813sBmulbtM3fnfDbJro0/ZqQnh4/vRKQUy6LvMj2W/M/8Fn1C
M8um53J35/BAakZhOHaNvDrVty4bEJ0y1fNs7JNNpQfB+WjL8C04g2uExNJmAKgG
0dmZxDNGrPLKrltz+R39j0gbA4P1hnYkcgAYFcGho0z468IV5sgleHN3FhAp1qr5
/TAuD2rwuPxT9wXf726n09iYJpq6jVhpBuF74mBNbyDdTzeeJtVq9mqngmhWqOCw
KJcTXIhIem2wTA2yfhzf1PNK58hU55/lB36TnRryapp1rXLu1uU=
=+60v
-----END PGP SIGNATURE-----



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux