GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  OPENXPKI::CRYPTO::SECRET::SPLIT (3)

.ds Aq ’

Name

OpenXPKI::Crypto::Secret::Split - Secret splitting

CONTENTS

Description

This class implements a secret splitting algorithm that allows to specify a K out of N quorum that must be presented in order to obtain the secret. It uses Shamir’s secret splitting algorithm, for more information see http://www.cs.tau.ac.il/~bchor/Shamir.html or http://en.wikipedia.org/wiki/Secret_sharing#Shamir.27s_scheme

Usage example: secret splitting



  my $secret = OpenXPKI::Crypto::Secret->new(
      {
          TYPE => Split,
          QUORUM => {
              K => 3,
              N => 5,
          },
      });   # Split pin, requiring 3 out of 5 secrets

  # determine the 5 shares with the default bitlength
  my @components = $secret->compute()

  # ... and later...

  $secret->is_complete();              # returns undef
  my $result = $secret->get_secret();  # undef

  $secret->set_secret($components[2]);
  $secret->set_secret($components[4]);

  $secret->is_complete();              # returns undef
  $result = $secret->get_secret();     # still undef

  $secret->set_secret($components[1]);

  $secret->is_complete();              # returns true
  $result = $secret->get_secret();     # returns the secret



    Methods

new

Constructor. If a hash reference is given the following named parameters are accepted:
o TYPE

Must be ’Split’

o QUORUM

Hash reference, containing elements K and N. N is the total number of secret shares, whereas K denotes the number of shares required to reveal the secret.

compute

If a hash reference is given with the named parameter BITLENGTH given, the parameter is used as the bitlength of the secret. If no parameter is given, the default bitlength of 128 is used. Note that the maximum bitlength is 1024, as it is saved in the secret shares.

Returns an array containing N secret shares of which K must be fed to set_secret in order to reveal the (randomly generated) secret.

The secret shares are uppercase hexadecimal strings of the following format:

A First nibble (= first character): version number of the format,
currently fixed to 0. B Next byte (next two characters) : x-coordinate of the point used
for interpolation B Next variable length of bytes : y-coordinate of the point used
for interpolation C Next two bytes : the two highest bytes of the SHA1-hash
on the string representing the y-coordinates D Next two bytes : bitlength of the prime number in nibbles

Actually, the algorithm always uses the smallest prime number of bitlength 4*D + 1. This is useful as so, little space is wasted for saving the prime number. Note that the prime number is not a security parameter, so it may be known publicly.

The part of the SHA-1 hash (C) is used as a checksum to safeguard against typos.

is_complete

Returns true once enough secret shares are available to compute the secret.

get_secret

Returns the complete secret or undef if not yet available.

set_secret

Sets (part of) the secret. Accepts a secret share string generated by compute().

Search for    or go to Top of page |  Section 3 |  Main Index


perl v5.20.3 OPENXPKI::CRYPTO::SECRET::SPLIT (3) 2016-04-03

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.