On Sun, Dec 08, 2019 at 10:48:47AM -0700, Joseph Bruni via Gnupg-users wrote:
I recall from the early days of PGP that there was a way to create a corporate key, fragmented into a certain number of potions, which would require some quorum to be able to perform decryption. [...] Is this still possible in OpenPGP and therefore in GnuPG?
The OpenPGP RFC [1] seems to acknowledge this possibility by defining a flag that can be set on a public key to indicate that the corresponding private key “may have been split by a secret-sharing mechanism” (§ 5.2.3.1). But it does not provide any details about how that feature should be implemented, leaving that entirely to the implementations (which makes sense, I guess, since what an implementation does with a private key is not supposed to have an impact on interoperability, and so does not need to be specified).
I don’t know about early (or even more recent) PGP versions, but GnuPG does not have such a feature. If you are interested the topic has been discussed a few years ago on the -devel mailing list [2].
Cheers, - Damien [1] https://tools.ietf.org/html/rfc4880#section-5.2.3.21[2] https://lists.gnupg.org/pipermail/gnupg-devel/2016-January/030681.html
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
