Bus Number 1 ¾ — the implementation

Welcome back! In the previous post we found out that there is a way to share a secret between n persons so that k (k < n) can reconstruct the secret but k-1 cannot. In this post we are going to look at how we used this technique together with GPG to set up emergency access to a super user account.

In order to go from theory to practice, i.e., build something that works, we need to think about usability. If we have to teach everybody the maths behind Shamir’s Secret Sharing, or if we have to install special software on every key keeper’s laptop, we will probably find when an emergency strikes that people have forgotten everything beyond multiplication and that their laptops have the wrong version of Java. Luckily, Shamir’s Secret Sharing has been implemented in JavaScript, meaning that we can build a simple self-contained app in HTML which we can then distribute to the key keepers along with their secrets. In the interest of transparency (and to encourage reuse) the interface allows for splitting and reconstructing secrets:

(You can download this app from GitHub.)

Using the above app I paste the password to the backup super user account in the first field, “Secret”, set “Shares” to 4 and “Quorum” to 3 and click “Split!”. The app calculates (locally!) 4 hex values that can be distributed to the 4 key keepers. Try it!
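The 4-share, 3-quorum split described above, as an added sketch that is not the app's own code: Shamir split and combine over the prime field GF(2^521 - 1), for secrets of up to 64 bytes. The function names, the field choice and the `x-hex` share format are assumptions made here, so these shares are not interchangeable with the app's.

```javascript
// Added sketch (not the app's code): Shamir split/combine over GF(2^521 - 1).
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;
const P = (1n << 521n) - 1n; // Mersenne prime; room for a 64-byte secret
const mod = (a) => ((a % P) + P) % P;
const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
// a^(P-2) mod P is the multiplicative inverse of a (Fermat's little theorem).
function inverse(a) {
  let result = 1n;
  for (let base = mod(a), e = P - 2n; e > 0n; e >>= 1n) {
    if (e & 1n) result = mod(result * base);
    base = mod(base * base);
  }
  return result;
}
// Uniform random field element from the CSPRNG, by rejection sampling.
function randomElement() {
  for (;;) {
    const bytes = rng.getRandomValues(new Uint8Array(66));
    bytes[0] &= 0x01; // keep 521 bits
    const v = BigInt('0x' + toHex(bytes));
    if (v < P) return v;
  }
}
// Returns `shares` strings "x-hex(y)" (format assumed here); any `quorum` of them recover the secret.
function split(secret, shares, quorum) {
  const bytes = new TextEncoder().encode(secret);
  if (bytes.length > 64 || quorum < 2 || quorum > shares) throw new RangeError('bad parameters');
  const coeffs = [BigInt('0x01' + toHex(bytes))]; // constant term: 0x01 marker + secret
  while (coeffs.length < quorum) coeffs.push(randomElement());
  return Array.from({ length: shares }, (_, i) => {
    const x = BigInt(i + 1);
    const y = coeffs.reduceRight((acc, c) => mod(acc * x + c), 0n); // Horner's rule
    return `${i + 1}-${y.toString(16)}`;
  });
}

// Lagrange interpolation at x = 0 recovers the constant term.
function combine(shares) {
  const pts = shares.map((s) => s.split('-')).map(([x, y]) => [BigInt(x), BigInt('0x' + y)]);
  let secret = 0n;
  for (const [xj, yj] of pts) {
    let num = 1n, den = 1n;
    for (const [xm] of pts) if (xm !== xj) { num = mod(num * xm); den = mod(den * (xm - xj)); }
    secret = mod(secret + yj * num * inverse(den));
  }
  const hex = secret.toString(16);
  const body = (hex.length % 2 ? '0' + hex : hex).match(/../g).slice(1); // drop the marker byte
  return new TextDecoder().decode(Uint8Array.from(body, (h) => parseInt(h, 16)));
}
```

Any three of the four shares interpolate back to the secret, while two shares yield an unrelated field element, which is the k versus k-1 property from the previous post.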

Next step: distribute the shards to the intended key keepers ensuring that no one but the intended recipient gets hold of a shard and also making it probable that the shards are not lost even if they will not be used for a few years.

At SeQura we use GPG (or PGP) to distribute secrets between team members, so there seems not to be much to think about. But with an extra twist we can address the second half of the problem. The crux is in making all the key keepers store all the key shards, but still only letting them use their own. Look here:

I copy the four lines from “Result” and paste them as input to the following Bash script

which results in output like this:

Now I can just copy the entire output and paste into an email to Severus, Luna, Albus and Minerva, and include the HTML app as an attachment. Each recipient will have received all four shards, but they can only decrypt their own. Even if three of them lose the email, if we have to activate this emergency back door, the one who still has the email can resend it to the others. Expanding on this logic, we can even decide to send the email to the entire management team, for safekeeping.

Finally, how do we know that this works? Well, like any security measure, we don’t know if it works until it has been tried in a real situation. As a precaution, I ask the recipients to decrypt their own part of the message and tell me how many characters there are in their secret. If they can’t decrypt their messages or disagree on the length of the secret, I start over. I think that’s good enough, and at the end of the day, that is what security comes down to: judgement.

I hope you found this interesting and even useful. If anything is unclear or you see a way of improving the scheme, please write a comment below or contact me directly.
