Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
OpenXPKI::Crypto::SecrUserSContributed Perl OpenXPKI::Crypto::Secret::Split(3)

       OpenXPKI::Crypto::Secret::Split - Secret	splitting

       This class implements a secret splitting	algorithm that allows to
       specify a K out of N quorum that	must be	presented in order to obtain
       the secret.  It uses Shamir's secret splitting algorithm, for more
       information see or

       Usage example: secret splitting

	 my $secret = OpenXPKI::Crypto::Secret->new(
		 TYPE => 'Split',
		 QUORUM	=> {
		     K => 3,
		     N => 5,
	     });   # 'Split' pin, requiring 3 out of 5 secrets

	 # determine the 5 shares with the default bitlength
	 my @components	= $secret->compute()

	 # ... and later...

	 $secret->is_complete();	      #	returns	undef
	 my $result = $secret->get_secret();  #	undef


	 $secret->is_complete();	      #	returns	undef
	 $result = $secret->get_secret();     #	still undef


	 $secret->is_complete();	      #	returns	true
	 $result = $secret->get_secret();     #	returns	the secret


       Constructor. If a hash reference	is given the following named
       parameters are accepted:

       o   TYPE

	   Must	be 'Split'

       o   QUORUM

	   Hash	reference, containing elements K and N.	N is the total number
	   of secret shares, whereas K denotes the number of shares required
	   to reveal the secret.


       If a hash reference is given with the named parameter BITLENGTH given,
       the parameter is	used as	the bitlength of the secret. If	no parameter
       is given, the default bitlength of 128 is used. Note that the maximum
       bitlength is 1024, as it	is saved in the	secret shares.

       Returns an array	containing N secret shares of which K must be fed to
       set_secret in order to reveal the (randomly generated) secret.

       The secret shares are uppercase hexadecimal strings of the following

       A First nibble (= first character): version number of the format,
					   currently fixed to 0.  B Next byte
       (next two characters) : x-coordinate of the point used
					   for interpolation B Next variable
       length of bytes	 : y-coordinate	of the point used
					   for interpolation C Next two	bytes
       : the two highest bytes of the SHA1-hash
					   on the string representing the
       y-coordinates D Next two	bytes		       : bitlength of the
       prime number in nibbles

       Actually, the algorithm always uses the smallest	prime number of
       bitlength 4*D + 1. This is useful as so,	little space is	wasted for
       saving the prime	number.	Note that the prime number is not a security
       parameter, so it	may be known publicly.

       The part	of the SHA-1 hash (C) is used as a checksum to safeguard
       against typos.


       Returns true once enough	secret shares are available to compute the


       Returns the complete secret or undef if not yet available.


       Sets (part of) the secret. Accepts a secret share string	generated by

perl v5.32.0			  2020-08-29OpenXPKI::Crypto::Secret::Split(3)

Name | Description

Want to link to this manual page? Use this URL:

home | help