
Mailing List Archive: GnuPG: devel

Secret-Sharing: changes to existing code


sutter at informatik

Jul 31, 2008, 12:38 PM


Hi!

After solving my "decrypt shares to internal buffer" issue my proof of
concept code now provides all the functionalities I wanted to be
available before considering it the right way to go. So with my patched
version of gpg I can:

* set up an existing secret key for being shared (N is the threshold)
| gpg --ss-setup <N> <identifier>

* generate encrypted shares for an existing session
| gpg -r <identifier> -o sharefile --gen-share <identifier>

* list information about a share file
| gpg --list-packets sharefile

* list information about "open" sharing/recombining sessions
| gpg --ss-info <identifier (optional)>

* add a share for recombination
| gpg --ss-add-share sharefile

* clear sharing/recombining metadata
| gpg --ss-clear <identifier (optional)>

For now, there is no command for explicitly solving a recombining
session, as this is done each time after adding a share. The combiner is
able to detect whether the secret is already found or not. If so, the
secret data is being sent to gpg and imported to the secret keyring.

There are more features I could think of:
* a way for participants to store shares, and a command to prepare a
share for sending it to the combiner (i.e. de- and encrypting it)
* finer-grained control about what data to clear with --ss-clear
(including removal of the secret key itself from the keyring)
* maybe some way to automate recombining shares via network (perhaps a
task for gpg-server?)
* maybe usage of these key-stubs and minimising the data being shared to
only the secret key params

But as I have to finish my diploma thesis first, from now on I will
concentrate on writing. Meanwhile I start sending in code for being
reviewed. The attachment contains only the changes to the existing files
to keep it simple for now. The rest will follow in chunks after I have
fixed all your concerns with this one.

Greetings, Phil

PS: Something in advance: it may well be possible that I messed up
indentation in some cases, as it actually is not very consistent
throughout the existing code.
Attachments: gnupg_CHANGE.diff (18.0 KB)
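
The recombining behaviour described in the post (solve after every added share, and detect whether the secret is found), as an added example that is not taken from the attached patch. It assumes Shamir's scheme over a prime field and a SHA-256 digest carried in each share for detection; the post names neither, and `split`, `Combiner` and the share fields are hypothetical names.

```python
import hashlib, secrets

P = 2**521 - 1  # Mersenne prime; assumed field, large enough for a 64-byte secret

def split(secret: bytes, threshold: int, count: int):
    """Return `count` shares; any `threshold` of them recover `secret`."""
    s = int.from_bytes(secret, "big")
    if not (s < P and 1 < threshold <= count):
        raise ValueError("secret too large or bad threshold")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    digest = hashlib.sha256(secret).hexdigest()  # only safe for high-entropy secrets
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [{"x": x, "y": f(x), "n": threshold, "len": len(secret), "sha256": digest}
            for x in range(1, count + 1)]

class Combiner:
    """One open recombining session; tries to solve after each added share."""
    def __init__(self):
        self.shares, self.meta = {}, None

    def add_share(self, share):
        meta = (share["n"], share["len"], share["sha256"])
        if self.meta is None:
            self.meta = meta
        elif meta != self.meta:
            raise ValueError("share belongs to a different session")
        self.shares[share["x"]] = share["y"]  # a repeated share is not counted twice
        return self._try_solve()

    def _try_solve(self):
        n, length, digest = self.meta
        if len(self.shares) < n:
            return None                       # below threshold: secret not found yet
        pts = list(self.shares.items())[:n]
        s = 0
        for xi, yi in pts:                    # Lagrange interpolation at x = 0
            num = den = 1
            for xj, _ in pts:
                if xj != xi:
                    num = num * -xj % P
                    den = den * (xi - xj) % P
            s = (s + yi * num * pow(den, -1, P)) % P
        try:
            secret = s.to_bytes(length, "big")
        except OverflowError:
            return None                       # wrong value, e.g. a corrupted share
        return secret if hashlib.sha256(secret).hexdigest() == digest else None
```

`add_share` returns `None` until the threshold is met and the digest matches, then returns the recovered bytes, which is the point at which the post's combiner would hand the secret to gpg.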
