Secret Sharer version 1.0 - 7/11/95
Strong Crypto Freeware
(c) copyright 1995, Joel McNamara

This document is divided into three parts:

1.  General information on Secret Sharer
    Introduction, installation, and file requirements

2.  Key escrow and secret-sharing
    Conceptual information and background on secret-sharing

3.  Using Secret Sharer
    How to use Secret Sharer


1.  General information on Secret Sharer
----------------------------------------

What it does
------------

Secret Sharer is designed to help people keep secure back-up copies of sensitive data such as PGP (or other cryptosystem) passphrases and confidential files.

Secret Sharer relies on a protocol called secret-sharing. Basically, the data is split into encrypted pieces and then distributed to different trusted people. For the data to be restored, the trusted parties must combine their split pieces together. A single piece cannot be used to reveal the data. This protocol provides a secure insurance policy for deciphering encrypted data in case the key/passphrase is not available. (Read "What is key escrow?" and "What is secret-sharing?" below.)

Secret Sharer is an easy-to-use, Windows front-end for a DOS secret-sharing utility written by Hal Finney called SECSPLIT.EXE.

What it doesn't do
------------------

Secret Sharer is not a full cryptosystem. Although the split pieces of data are encrypted, you still need PGP or a similar application for day-to-day encryption/decryption. Think of Secret Sharer as a key management tool.

Requirements
------------

Microsoft Windows 3.x

Visual Basic runtime file (VBRUN300.DLL - not included, most sites such as simtel have this, if you can't find it, try ftp.microsoft.com)

SECSPLIT.EXE - Hal Finney's DOS, secret-sharing utility.

DISCLAIMER - SECSPLIT.EXE is not distributed with Secret Sharer because of United States ITAR export regulations that deal with cryptography.
The SECSPLIT.EXE utility uses the IDEA encryption algorithm (the same as PGP) to encrypt data, and is therefore classified as a restricted munition. At present, I don't want to deal with all of the legal and international distribution hassles for bundling SECSPLIT with Secret Sharer. With that said, here are some FTP sites that currently have SECSPLIT.EXE available. Compliance with government laws (US or foreign) is your responsibility.

    ftp.dsi.unimi.it    /pub/security/crypt/code/secsplit.zip
    isdec.vc.cvut.cz    /ppub/security/unimi/crypt/secsplit.zip
    nic.funet.fi        /pub/crypt/ftp.dsi.unimi.it/code/secsplit.zip

(please e-mail me with any other sites so I can update this list)

Where to Get It:
----------------

Latest releases of Secret Sharer are available from:

    ftp.eskimo.com  /joelm
    http://www.eskimo.com/~joelm

The above Web page also contains a variety of information on PC privacy and security.

Comments or questions can be directed to:

    joelm@eskimo.com

Installing Secret Sharer:
-------------------------

Copy the following files to a directory of your choice:

    SECSHARE.EXE    the application
    SECSHARE.TXT    this file
    SECSHARE.PIF    for easy shelling to DOS SECSPLIT

Copy the following file to the \WINDOWS\SYSTEM directory:

    CMDIALOG.VBX

(You don't need to replace this file if it already exists).

Copy SECSPLIT.EXE to the directory containing SECSHARE.EXE.


2.  Key escrow and secret-sharing
---------------------------------

What is key escrow?
-------------------

One of the major issues in dealing with encrypted data is key management. Let's say you're a corporate officer who regularly uses encryption to keep business data secure. Then one day, while your mind is elsewhere, you accidentally step in front of a bus. Fortunately, you survive, but unfortunately you end up with a temporary case of amnesia. No one can access your files since you can't remember your PGP passphrase.
And the big bucks buy-out you were involved with goes down the drain since no one else can read your encrypted notes or saved e-mail messages.

An insurance policy against such a situation is called "key escrow." A copy of your key and passphrase is given to a trusted third-party for secure storage. In the event of your untimely demise, failed memory, or skipping the country, the trusted party gives your key and passphrase to an authorized individual who can then decrypt any relevant data.

A key can be escrowed to a single (or several) trusted persons. However, this is akin to putting all of your encryption eggs in one basket. There is nothing to say that the person you currently trust won't be coerced into revealing your key or turn out not to be as trustworthy as you thought.

(Note: The United States government would like to mandate an escrow program where your encryption keys are made available to law enforcement officials, with a proper court order, of course. Consult your history books for various examples of government abuse of power. While the government is calling this "key escrow," it is more appropriately titled "government access to keys" or GAK.)

What is secret-sharing?
-----------------------

A more secure form of key escrow involves providing multiple parties with encrypted pieces of your key and passphrase. You decide how many pieces you want to split your key into and how many of those pieces must be required to reveal the key. This means several trusted parties must combine their pieces together before your key is revealed.

You determine your own levels of trust. For example, if you split the key into eight pieces, and specify that a minimum of five pieces are required to restore the key, you're betting that at least five out of the eight parties are trustworthy, and won't conspire together to reveal your key.

This concept is known as secret-sharing (also called a threshold scheme).

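The five-of-eight split described above, worked through with Shamir's polynomial threshold scheme over a prime field. This is an added example, not SECSPLIT's code or file format; the field prime, the function names and the sample passphrase are assumptions chosen for the illustration.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; the field holds secrets up to 65 bytes

def split(secret: bytes, n: int, m: int):
    """Return n shares (x, y); any m of them restore the secret."""
    if not 1 < m <= n:
        raise ValueError("need 1 < m <= n")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too long for this field")
    # Random polynomial f of degree m-1 with f(0) = secret. The coefficients
    # come from the OS CSPRNG; guessable coefficients would let an attacker
    # with fewer than m shares solve for the secret.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):       # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def combine(shares, length: int) -> bytes:
    """Lagrange-interpolate f(0) from the supplied shares."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    # Too few shares interpolate to an unrelated field element, so the result
    # is truncated to the known secret length and comes out as garbage.
    return (total % 256**length).to_bytes(length, "big")

if __name__ == "__main__":
    passphrase = b"constructed sample passphrase"   # constructed input
    pieces = split(passphrase, n=8, m=5)
    print(combine(pieces[2:7], len(passphrase)))     # any five pieces work
    print(combine(pieces[:4], len(passphrase)))      # four pieces: garbage
```
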
How secret sharing works
------------------------

Secret-sharing is accomplished through mathematical manipulation of data. The concept is generally credited to Adi Shamir (of RSA fame) and was first publicly presented in 1979. Secret Sharer works with SECSPLIT.EXE, written by Hal Finney, and based on Shamir's algorithm.

The basic concept behind the algorithm is that data is divided into n pieces (called shadows). Any m shadows can be used to reconstruct the data, but any number of shadows less than m cannot.

Shamir used polynomial equations and cryptographically strong, unguessable random numbers in his algorithm. This provides a high level of security. While the holder of a split piece of data knows the length of the secret data, there is no way to determine the actual content.

The main weakness in the algorithm is in the generation of random numbers. If the numbers are not truly random, an attack could be mounted on several of the pieces to decipher the data. The SECSPLIT application is fairly secure in this regard, initializing the random number generator based on the contents of the file and the current time of day.

For more information
--------------------

"How to Share a Secret," by Adi Shamir, Communications of the ACM, November, 1979, Volume 22, Number 11, page 612. This is the article Hal Finney based his DOS application on.

"Applied Cryptography," by Bruce Schneier, John Wiley & Sons, Inc., 1994. A variety of secret sharing schemes are discussed.


3.  Using Secret Sharer
-----------------------

To secret-share a passphrase
----------------------------

Choose "Split passphrase" from the Share menu.

Enter the passphrase twice (for verification purposes). The passphrase will not be echoed to the screen.

Enter the number of pieces to split the passphrase into.

Enter the minimum number of split pieces that will be required to restore the passphrase.

Secret Sharer will call SECSPLIT and split the passphrase into the number of pieces you requested.
The pieces will be written to the directory that contains Secret Sharer, and be named PASSWORD.001, PASSWORD.002, etc.

Select the "Split to disks" item in the Options menu if you want the split pieces written to disk.

To restore a split passphrase
-----------------------------

Choose "Restore passphrase" from the Share menu.

Enter the total number of split files to be used in restoring the passphrase.

Specify each respective restore file in the Open File dialog box. The dialog title will display how many files remain. It doesn't matter what sequence the files are selected in.

If the correct files are used (in addition to the minimum number specified), the correct passphrase will be displayed. If not, incorrect characters will be displayed.

Click the Copy button to copy the passphrase to the clipboard.

NOTE: If a specified restore file is not in the same directory as Secret Sharer, the utility copies it from its source location to the Secret Sharer directory. After the passphrase is restored, Secret Sharer wipes any restore files from its directory.

To secret-share a file
----------------------

Choose "Split file" from the Share menu.

Enter the full path of the file to split. Click the Browse button to use the Open File dialog box to specify the file.

Enter the number of pieces to split the file into.

Enter the minimum number of split pieces that will be required to restore the file.

Secret Sharer will call SECSPLIT and split the file into the number of pieces you requested. The pieces will be written to the directory that contains Secret Sharer, and be named filename.001, filename.002, etc. where filename is the 8 character name of the file to be split.

Select the "Split to disks" item in the Options menu if you want the split pieces written to disk.

Select the "Wipe file after split" item in the Options menu to wipe the source file after it has been split.

To restore a split file
-----------------------

Choose "Restore file" from the Share menu.

Enter the full path of the file to restore. Click the Browse button to use the Open File dialog box to specify the file.

Enter the number of split pieces that will be used to restore the file.

Specify each respective restore file in the Open File dialog box. The dialog title will display how many files remain. It doesn't matter what sequence the files are selected in.

If the correct files are used (in addition to the minimum number specified), the file will be restored in the specified directory. If not, the file will be filled with garbage characters.

Practical tips for using Secret Sharer
--------------------------------------

When you split a file or passphrase into pieces, by default, Secret Sharer will place all of the pieces in the directory containing Secret Sharer. It's up to you to distribute the pieces as you see fit. There are two general alternatives:

1.  You can inform the trusted parties of your back-up plan and physically distribute the pieces to them.

2.  You can keep the pieces yourself, encrypting each piece with the respective PGP public key of the party you plan to distribute the piece to. Then leave instructions concerning who the parties are and how the passphrase/file can be restored.

It's beyond the scope of this document to go into details such as storage locations, restoration logistics, etc. Think through your options and apply common sense (or, use a consultant like myself to create a plan for your situation).

If the "Split to disks" item in the Options menu is checked, when you split the passphrase/file, Secret Sharer will prompt you to insert a floppy disk in the A: drive for each piece. This is convenient if you are physically distributing the pieces to different parties. For example, if you have split a passphrase into 5 pieces, you will be prompted to insert a disk for each of the pieces.

Important note: If you manually copy the pieces to a different directory or disk, you should use a secure delete ("wipe") program to ensure the original pieces are securely deleted. Secret Sharer does a one pass write of pseudo-random characters to any temporary files it creates before it deletes them. (There are a variety of security issues dealing with swap files and effective file deletion that go way beyond the scope of this document.)