Hi Phillip,
@all: If this goes too far off-topic for the openssl mailing list, let me
know, and I'll continue the discussion off-mailing-list.
On Mon, 25 May 2020, Phillip Hallam-Baker wrote:
On Sun, May 24, 2020 at 4:17 PM Erich Eckner wro
It probably doesn't help you, because it requires complex deployment and
is not open-source, but I thought that it might be interesting to know
that there is a multi-prime RSA based technology that is actively used in
practice.
It is used for mobile authentication and digital signatures an
Hi Phillip,
On Sun, 24 May 2020, Phillip Hallam-Baker wrote:
In short, yes, I have stuff that works for this and I think it would be
particularly useful for code signing and for inside CAs. But it does need
some additional work to apply it to th
Actually, I was wrong about the prior one.
https://patents.google.com/patent/US6411716 looks like it has a distributed
CA function with multi-step, multi-fragment signatures. (This looks
fascinating, and I'm going to study it over the weekend -- still in a
lockdown, so no real Memorial Day party f
From glancing at the abstract, https://patents.google.com/patent/US5799086
looks like it might be the one? It also says that it is expired,
expiration having been anticipated on 2014-01-13.
-Kyle H
On Sun, May 24, 2020, 11:54 Salz, Rich wrote:
>
>- In any case, I am unaware of any existin
* In any case, I am unaware of any existing system which meets your
requirement 3. Admittedly, I haven't specifically searched for such.
CertCo (now defunct, don’t know who has the intellectual property) had a patent
that did ALL of the things. RSA keygen, split the key, each key signs the
ystem
administrators and backup operators.
There is no possible way to have a distributed secret key without
distributing secret data across multiple entities/systems, though. Whether
those entities are in the custody of those who possess the authority to use
them is unimportant, but if they are not then
Erich Eckner wrote:
> we're looking into setting up a CA with openssl, but we would like to
> distribute the secret key amongst multiple persons. We're aware of
> Shamir's secret sharing algorithm, but we'd like to know if there is some
> algorithm supported by openssl, that fulfi
Hi,
we're looking into setting up a CA with openssl, but we would like to
distribute the secret key amongst multiple persons. We're aware of
Shamir's secret sharing algorithm, but we'd like to know if there is some
algorithm supported by openssl