Hi Phillip,
@all: If this goes too far off-topic for the openssl mailing list, let me
know, and I'll continue the discussion off-mailing-list.
On Mon, 25 May 2020, Phillip Hallam-Baker wrote:
On Sun, May 24, 2020 at 4:17 PM Erich Eckner wro
It probably doesn't help you, because it requires complex deployment and
is not open-source, but I thought that it might be interesting to know
that there is a multi-prime RSA based technology that is actively used in
practice.
It is used for mobile authentication and digital signatures an
Hi Phillip,
On Sun, 24 May 2020, Phillip Hallam-Baker wrote:
In short, yes, I have stuff that works for this and I think it would be
particularly useful for code signing and for inside CAs. But it does need
some additional work to apply it to th
Actually, I was wrong about the prior one.
https://patents.google.com/patent/US6411716 looks like it has a distributed
CA function with multi-step, multi-fragment signatures. (This looks
fascinating, and I'm going to study it over the weekend -- still in a
lockdown, so no real Memorial Day party f
From glancing at the abstract, https://patents.google.com/patent/US5799086
looks like it might be the one? It also says that it is expired,
expiration having been anticipated on 2014-01-13.
-Kyle H
On Sun, May 24, 2020, 11:54 Salz, Rich wrote:
>
>- In any case, I am unaware of any existin
* In any case, I am unaware of any existing system which meets your
requirement 3. Admittedly, I haven't specifically searched for such.
CertCo (now defunct, don’t know who has the intellectual property) had a patent
that did ALL of the things. RSA keygen, split the key, each key signs the
There are two ways to handle multiple authorizations needed:
1) Secret data is shared across multiple locations/holders, or
2) Secret data is stored in a trusted system which itself requires multiple
authorizations.
You could perhaps put together multiple trusted systems, each of which has
a share
Erich Eckner wrote:
> we're looking into setting up a CA with openssl, but we would like to
> distribute the secret key amongst multiple persons. We're aware of
> Shamir's secret sharing algorithm, but we'd like to know if there is some
> algorithm supported by openssl, that fulfi