The original PGP used to have this feature around 20 years ago already, maybe some people remember. In the list archive I found two threads, both several years old, asking about this feature in GnuPG, but there were no conclusive answers, only workaround suggestions like splitting the binary or ASCII key file or printing the password and sharing parts of the password, neither of which satisfies the original requirements covered by the original PGP functionality. Example:

I split a private key file with PGP into these shares:

-- User A gets a piece of key worth 2 shares.
-- User B gets a piece of key worth 2 shares.
-- User C gets a piece of key worth 1 share.
-- User D gets a piece of key worth 1 share.
-- User E gets a piece of key worth 1 share.
-- User F gets a piece of key worth 1 share.

I define that at least 5 shares are necessary to re-assemble a valid decryption key, i.e. we need for example

-- A + B + one other user
-- C + D + E + either A or B

for decryption. I.e. neither the 4 minor nor the 2 major users alone can decrypt; we need at least 3 of 6 users and a majority of shares in order to decrypt.

I remember I used to use this in the past and it worked flawlessly. I have no idea why this killer feature was omitted when implementing GnuPG. But maybe I am missing something in the documentation. If anyone knows how to do this using GnuPG or an alternative open source product, I would like to hear about it. Please do not suggest inadequate workarounds like the ones I mentioned above, which have previously been discussed here already.

Regards
--
Alexander Kriegisch
https://scrum-master.de
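The weighted threshold scheme described in the post (A and B hold 2 shares each, C to F hold 1 each, any 5 shares reconstruct) is Shamir secret sharing with users holding more than one point. The following is an added illustration, not part of the original mail and not GnuPG or PGP code: it splits a constructed placeholder secret over a prime field and checks the exact user combinations the post lists. The weights, threshold and the demo key value are assumptions for the example.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; any secret shorter than 65 bytes fits below it

def _eval_poly(coeffs, x):
    # Horner's rule; coeffs[0] is the constant term, i.e. the secret
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split_weighted(secret, weights, threshold, rng=secrets.randbelow):
    """Give each user `weights[user]` distinct points of a random
    degree-(threshold-1) polynomial f with f(0) == secret."""
    coeffs = [secret] + [rng(P) for _ in range(threshold - 1)]
    shares, x = {}, 1
    for user, w in weights.items():
        shares[user] = [(x + k, _eval_poly(coeffs, x + k)) for k in range(w)]
        x += w
    return shares

def reconstruct(points):
    """Lagrange interpolation at x = 0 over the pooled points."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def recover(shares, users, threshold):
    """Pool the shares of the named users; below the threshold the
    polynomial is underdetermined, so refuse instead of returning garbage."""
    points = [pt for u in users for pt in shares[u]]
    if len(points) < threshold:
        return None
    return reconstruct(points[:threshold])

# Constructed demo values: the post's 2/2/1/1/1/1 weighting, threshold 5.
WEIGHTS = {"A": 2, "B": 2, "C": 1, "D": 1, "E": 1, "F": 1}
THRESHOLD = 5
KEY = int.from_bytes(b"constructed-demo-secret-not-a-key", "big")  # placeholder

def demo():
    shares = split_weighted(KEY, WEIGHTS, THRESHOLD)
    return {combo: recover(shares, combo, THRESHOLD) == KEY
            for combo in ("ABC", "CDEA", "CDEB", "AB", "CDEF")}
```

Running `demo()` reports True for the combinations the post allows (A+B+one other, C+D+E+A or B) and False for the two major users alone and for the four minor users alone, since those pool only 4 shares.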