* In any case, I am unaware of any existing system which meets your requirement 3. Admittedly, I haven't specifically searched for such.
CertCo (now defunct, don’t know who has the intellectual property) had a patent that did ALL of the things. RSA keygen, split the key, each key signs the data, looks like an RSA signature, then when enough have been done, combine them and it matches the original pre-split public key. That, and the followon patents, are cool. Don’t know if they’re expired or not. To answer the main question: OpenSSL doesn’t do anything remotely in this area. The closest is multi-prime RSA.
