ietf-openpgp

[openpgp] Open Escrow scheme

2015-06-08 13:11:56
Yes, before folk start a panic, what I propose is not Louis Freeh approved.

If people are going to encrypt personal documents by default we have to
take data recovery just as seriously as data confidentiality. For most
people the risk that they might lose the pictures of the kids when they are
4 is vastly more significant than the risk that a government or corporation
might spy on them.

So I have implemented a scheme based on Shamir's secret sharing as follows:

* Key manager encrypts private key under a master secret, k
* Encrypted private key is uploaded to a cloud-based service, indexed under H(k)
* Master secret is split using either XOR secret sharing (requiring N of N shares to recombine) or Shamir secret sharing (allowing K of N shares).

It occurs to me that if this is going to be widely used it would be better
as a standards-based specification.

Not wanting to derail OpenPGP bis, but I think this is something that
OpenPGP NG might want to use as a resource.
  • [openpgp] Open Escrow scheme, Phillip Hallam-Baker <=
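
The splitting and indexing steps listed in the message, as an added Python sketch that is not the poster's implementation. SHA-256 for H, the prime field 2**521 - 1, and all function names (including the `recover` helper that checks a reconstructed secret against the stored index) are assumptions made for this example; the step that encrypts the private key under k is left out.

```python
import hashlib
import secrets
from functools import reduce

# Assumption: arithmetic in GF(P) with P = 2**521 - 1 (a Mersenne prime), room for a 256-bit k.
P = 2**521 - 1

def escrow_index(k):
    """Index H(k) under which the encrypted private key is stored (SHA-256 assumed)."""
    return hashlib.sha256(k).hexdigest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def xor_split(k, n):
    """N-of-N: n-1 random pads plus a final share that XORs back to k."""
    pads = [secrets.token_bytes(len(k)) for _ in range(n - 1)]
    return pads + [reduce(_xor, pads, k)]

def xor_combine(shares):
    return reduce(_xor, shares)

def shamir_split(k, threshold, n):
    """K-of-N: points on a random polynomial of degree threshold-1 with f(0) = k."""
    secret = int.from_bytes(k, "big")
    if not 1 <= threshold <= n or secret >= P:
        raise ValueError("bad threshold, or secret does not fit the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def shamir_combine(shares):
    """Lagrange interpolation at x = 0 over GF(P); returns the field element."""
    secret = 0
    for xj, yj in shares:
        num = den = 1
        for xm, _ in shares:
            if xm != xj:
                num = num * -xm % P
                den = den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret

def recover(shares, length, index):
    """Return k only if the reconstructed value hashes to the stored index H(k)."""
    value = shamir_combine(shares)
    if value >> (8 * length):
        return None  # too few or wrong shares yield a value outside the key range
    k = value.to_bytes(length, "big")
    return k if escrow_index(k) == index else None
```

Because the blob is indexed under H(k), the same hash tells the recovering party whether the shares supplied were sufficient and correct before any decryption is attempted.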