Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
OpenXPKI::Crypto::SecrUserSContributed Perl OpenXPKI::Crypto::Secret::Split(3)

Name
       OpenXPKI::Crypto::Secret::Split - Secret	splitting

Description
       This class implements a secret splitting	algorithm that allows to
       specify a K out of N quorum that	must be	presented in order to obtain
       the secret.  It uses Shamir's secret splitting algorithm, for more
       information see http://www.cs.tau.ac.il/~bchor/Shamir.html or
       http://en.wikipedia.org/wiki/Secret_sharing#Shamir.27s_scheme

       Usage example: secret splitting

	 my $secret = OpenXPKI::Crypto::Secret->new(
	     {
		 TYPE => 'Split',
		 QUORUM	=> {
		     K => 3,
		     N => 5,
		 },
	     });   # 'Split' pin, requiring 3 out of 5 secrets

	 # determine the 5 shares with the default bitlength
	 my @components	= $secret->compute()

	 # ... and later...

	 $secret->is_complete();	      #	returns	undef
	 my $result = $secret->get_secret();  #	undef

	 $secret->set_secret($components[2]);
	 $secret->set_secret($components[4]);

	 $secret->is_complete();	      #	returns	undef
	 $result = $secret->get_secret();     #	still undef

	 $secret->set_secret($components[1]);

	 $secret->is_complete();	      #	returns	true
	 $result = $secret->get_secret();     #	returns	the secret

   Methods
       new

       Constructor. If a hash reference	is given the following named
       parameters are accepted:

       o   TYPE

	   Must	be 'Split'

       o   QUORUM

	   Hash	reference, containing elements K and N.	N is the total number
	   of secret shares, whereas K denotes the number of shares required
	   to reveal the secret.

       compute

       If a hash reference is given with the named parameter BITLENGTH given,
       the parameter is	used as	the bitlength of the secret. If	no parameter
       is given, the default bitlength of 128 is used. Note that the maximum
       bitlength is 1024, as it	is saved in the	secret shares.

       Returns an array	containing N secret shares of which K must be fed to
       set_secret in order to reveal the (randomly generated) secret.

       The secret shares are uppercase hexadecimal strings of the following
       format:

       A First nibble (= first character): version number of the format,
					   currently fixed to 0.  B Next byte
       (next two characters) : x-coordinate of the point used
					   for interpolation B Next variable
       length of bytes	 : y-coordinate	of the point used
					   for interpolation C Next two	bytes
       : the two highest bytes of the SHA1-hash
					   on the string representing the
       y-coordinates D Next two	bytes		       : bitlength of the
       prime number in nibbles

       Actually, the algorithm always uses the smallest	prime number of
       bitlength 4*D + 1. This is useful as so,	little space is	wasted for
       saving the prime	number.	Note that the prime number is not a security
       parameter, so it	may be known publicly.

       The part	of the SHA-1 hash (C) is used as a checksum to safeguard
       against typos.

       is_complete

       Returns true once enough	secret shares are available to compute the
       secret.

       get_secret

       Returns the complete secret or undef if not yet available.

       set_secret

       Sets (part of) the secret. Accepts a secret share string	generated by
       compute().

perl v5.24.1			  2017-07-03OpenXPKI::Crypto::Secret::Split(3)

Name | Description

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=OpenXPKI::Crypto::Secret::Split&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help