From: Andreas S. (ML) <and...@ca...> - 2013-07-17 19:22:56
For those of you interested in understanding the SmartCard-HSM's key backup and restore mechanism using an n-of-m threshold scheme, we've provided a step-by-step tutorial at [1].

Andreas

[1] https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM#using-key-backup-and-restore

On 07.02.2013 15:29, Andreas Schwier (ML) wrote:
> Hi list,
>
> to satisfy enhanced key management requirements, we've added an n-of-m
> threshold scheme to the sc-hsm-tool.
>
> Using this scheme you can place the SmartCard-HSM's Device Key
> Encryption Key under sole control of m key custodians from which n can
> together reconstruct the secret key.
>
> The scheme provides for even better security than the DKEK share
> mechanism already available in the 0.13 version. Under the new scheme, a
> lost share does not mean a complete loss of the secret key. A lost share
> just reduces the number of available key custodians and has no impact on
> the DKEK unless fewer than n shares are left available.
>
> The code is available in our repository at GitHub [1] and a pull request
> has been created to move the code into the OpenSC master branch.
>
>
> Kind regards,
>
>
> Andreas
>
> [1] https://github.com/CardContact/OpenSC
>

--
    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org