Module Name: othersrc
Committed By: agc
Date: Mon Mar 21 07:10:45 UTC 2011
Update of /cvsroot/othersrc/crypto/external/bsd/sharedkey
In directory ivanova.netbsd.org:/tmp/cvs-serv15677
Log Message:
Initial import, into othersrc/crypto, of sharedkey, a library and
utility which generates a one-time key (by default RSA 2048bit), which
is used to encrypt a secret to be shared between a number of people.
The secret is encrypted to the generated, one-time key. That key is
then distributed using libssss(3). All encryption and decryption are
accomplished via libnetpgp(3).
The secret can be recovered by presenting a threshold of shares, and
using that to recover the secret key, which can then be used to
decrypt the original secret.
The key can optionally be further protected by a passphrase, which is
set at one-time-key generation time. The net effect is to introduce a
gate to recovery - with a passphrase, secret recovery can be gated
through an individual who knows the passphrase - this protects against
collusion to recover the secret "behind everyone's backs". At the same
time, normal passphrase propagation rules apply, and there is a potential
for a Single Point of Failure.
There are a number of use cases for this functionality, which is a
generalised and much more flexible form of encryption to a number of
users. Shares can be distributed in non-uniform amounts, for example,
so that more important players in the group can receive more than one
share. Ad-hoc user groups can be established. Shares can be
encrypted to other user's keys, and protected in transit that way.
Shares can be encrypted to the distributor's key before encrypting to
the recipient's key - this will protect against collusion and
accidental exposure of the secret, but again introduces a SPoF.
Backups can be generated which can be recovered only when a quorum of
known and authorised keys have authorised it. There are many other
use cases for this - they are left as an exercise for the reader.
The original public key is kept around to provide information on
the encrypted secret - who, when, how many shares, quorum, etc.
If this is deemed to be sensitive, this information can be redacted by
using the -a switch (to anonymize the public key).
There are still some loose ends to this code, but it is functional
at the present time. Further review is welcomed and encouraged.
A worked example, taken from the regression test for sharedkey(1)
distributes the /etc/group file on a machine to 3 shares, of which 2
make a quorum. The group file is then recovered by using two of the
generated shares:
% make t
cd /usr/othersrc/crypto/external/bsd/sharedkey/sharedkey && make t
make split
rm -rf /tmp/share.* /tmp/recover.*
./sharedkey -t 2/3 /etc/group
Generating a one-time key
/tmp/share.14828a/pubring.gpg: No such file or directory
Can't read pubring /tmp/share.14828a/pubring.gpg
Can't read pub keyring
signature 2048/RSA (Encrypt or Sign) 5eb658fbc4e0c0fc 2011-03-20
Key fingerprint: 1878 2f43 ff3b 0792 2f1c bacc 5eb6 58fb c4e0 c0fc
uid /etc/group shared 2/3 by agc Sun Mar 20 03:48:28 2011
netpgp: generated keys in directory /tmp/share.14828a/5eb658fbc4e0c0fc
Enter passphrase for 5eb658fbc4e0c0fc:
Repeat passphrase for 5eb658fbc4e0c0fc:
Shared secrets are in: /tmp/share.14828a
tar tvzf /tmp/share.*/share000.tar.gz
drwx------ 2 agc wheel 0 Mar 20 03:48 share000
lrwxr-xr-x 1 agc wheel 0 Mar 20 03:48 share000/keyid ->
5eb658fbc4e0c0fc
-rw-r--r-- 1 agc wheel 609 Mar 20 03:48 share000/secret.gpg
-rw-r--r-- 1 agc wheel 617 Mar 20 03:48 share000/pubring.gpg
-rw-r--r-- 1 agc wheel 1323 Mar 20 03:48 share000/secring.gpg.share
tar: ustar vol 1, 5 files, 10240 bytes read, 0 bytes written in 1 secs (10240
bytes/sec)
ls -laR /tmp/share.*
total 18
drwx------ 2 agc wheel 512 Mar 20 03:48 .
drwxrwxrwt 5 root wheel 512 Mar 20 03:48 ..
-rw-r--r-- 1 agc wheel 617 Mar 20 03:48 pubring.gpg
-rw------- 1 agc wheel 2908 Mar 20 03:48 share000.tar.gz
-rw------- 1 agc wheel 2908 Mar 20 03:48 share001.tar.gz
-rw------- 1 agc wheel 2910 Mar 20 03:48 share002.tar.gz
make join
./sharedkey -o group.recover -r /tmp/share.*/share002.tar.gz
/tmp/share.*/share000.tar.gz
Error: Format error (ptag bit not set)
signature 2048/RSA (Encrypt or Sign) 5eb658fbc4e0c0fc 2011-03-20
Key fingerprint: 1878 2f43 ff3b 0792 2f1c bacc 5eb6 58fb c4e0 c0fc
uid /etc/group shared 2/3 by agc Sun Mar 20 03:48:28 2011
netpgp passphrase:
%
Status:
Vendor Tag: CROOKS
Release Tags: sharedkey-base
N othersrc/crypto/external/bsd/sharedkey/Makefile
N othersrc/crypto/external/bsd/sharedkey/mkdist
N othersrc/crypto/external/bsd/sharedkey/Makefile.inc
N othersrc/crypto/external/bsd/sharedkey/dist/Makefile.am
N othersrc/crypto/external/bsd/sharedkey/dist/TODO
N othersrc/crypto/external/bsd/sharedkey/dist/aclocal.m4
N othersrc/crypto/external/bsd/sharedkey/dist/configure
N othersrc/crypto/external/bsd/sharedkey/dist/configure.ac
N othersrc/crypto/external/bsd/sharedkey/dist/libtool
N othersrc/crypto/external/bsd/sharedkey/dist/tst
N othersrc/crypto/external/bsd/sharedkey/dist/buildaux/config.guess
N othersrc/crypto/external/bsd/sharedkey/dist/buildaux/config.sub
N othersrc/crypto/external/bsd/sharedkey/dist/buildaux/depcomp
N othersrc/crypto/external/bsd/sharedkey/dist/buildaux/install-sh
N othersrc/crypto/external/bsd/sharedkey/dist/buildaux/ltmain.sh
N othersrc/crypto/external/bsd/sharedkey/dist/buildaux/missing
N othersrc/crypto/external/bsd/sharedkey/dist/src/Makefile.am
N othersrc/crypto/external/bsd/sharedkey/dist/src/Makefile.in
N othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/otk
N othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/shlib_version
N othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/Makefile
N othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/Overview
N othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/TODO
N othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/sharedkey.h
N othersrc/crypto/external/bsd/sharedkey/dist/src/libsharedkey/libsharedkey.c
N othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/sharedkey.1
N othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/Overview
N othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/Makefile
N othersrc/crypto/external/bsd/sharedkey/dist/src/sharedkey/main.c
N othersrc/crypto/external/bsd/sharedkey/dist/autom4te.cache/requests
N othersrc/crypto/external/bsd/sharedkey/dist/autom4te.cache/output.0
N othersrc/crypto/external/bsd/sharedkey/dist/autom4te.cache/traces.0
N othersrc/crypto/external/bsd/sharedkey/sharedkey/Makefile
N othersrc/crypto/external/bsd/sharedkey/libsharedkey/shlib_version
N othersrc/crypto/external/bsd/sharedkey/libsharedkey/Makefile
No conflicts created by this import
