From: kevin lyda (kevin at domain suberic.net)
Date: Tue 22 May 2001 - 14:16:02 IST

let's say you have a group of people that will have public key encrypted
files sent to them. at any point you want to make sure that any *two*
of those people can unlock a private key to decrypt those files.

now if i relax the requirement a bit and say that just one person can
decrypt, then the following three solutions apply:

1) the sender encrypts with all the public keys of the recipients.
   this is not as inefficient as it sounds, however it will *only*
   work for the situation where a single person can do the decrypt.

2) a shared key. simple for the sender, however it can only work if
   either one person can decrypt or every person is required to
   decrypt.

3) a split key. a key pair is generated and then the private key
   is split into several parts. depending on how it was configured
   at the time of the split, a certain number of pieces are required
   to have a full key. pgp supports this (or at least i seem to
   recall reading about it - but i think it was only for windows
   and only in the professional version). does gpg?

obviously #3 is the one i'm interested in because it combines the ease
of use for the sender for number 2, and a level of security beyond #1
(which is again beyond #2).

btw, this is linux related. i'm sure the group of people know who they
are, and i'm sure they'd appreciate any help people here might be able
to offer in order to avoid a windows based solution.

kevin

--
kevin at domain suberic.net
fork()'ed on 37058400
meatspace place: work
http://suberic.net/~kevin

"Maybe one day downtrodden poo-eaters will get a fair shake in Savage Love, but it's not going to be today."
    --dan savage, "savage love"

This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:10:25 GMT