[Freedombox-discuss] Key Splitting to Protect Client Data on Boxes
On Wed, 2013-02-06 at 22:52 -0600, Nick M.Daly wrote:
> So, it's pretty easy to split data using Shamir's Secret Sharing
> (package: gfshare). If we split a client's PGP key using a 2:3 split (2
> of three pieces are required to reform the key), then we could
> meaningfully PGP encrypt the client's data on the box. That would
> prevent the box from ratting out the client if it ever fell into
> nefarious hands.
> The user would need to split their key into three pieces:
> 1. On the box.
> 2. On a client device.
> 3. On a backup, somewhere.
> The box could send the client its piece, along with the encrypted data,
> even over an insecure channel, because one piece of the key is
> This works as long as we can get the first piece of the key onto the
> client device, out of band, and the client device remains unsurveiled.
> If either of these assumptions are incorrect, we'll need different
> solutions (performing the decryption and service operation on the box
> itself, for example).
The only problem of doing this is that you need to find out how bad for
gpg encryption it is a partial leak of a key.
Not all encryption algorithm have linear resistance to attack based on
the number of bits of the key leaked.
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>