Secret Sharer version 1.0 - 7/11/95
Strong Crypto Freeware
(c) copyright 1995, Joel McNamara

This document is divided into three parts:

1.  General information on Secret Sharer
    Introduction, installation, and file requirements

2.  Key escrow and secret-sharing
    Conceptual information and background on secret-sharing

3.  Using Secret Sharer
    How to use Secret Sharer


1.  General information on Secret Sharer
----------------------------------------

What it does
------------
Secret Sharer is designed to help people keep secure back-up
copies of sensitive data such as PGP (or other cryptosystem)
passphrases and confidential files.

Secret Sharer relies on a protocol called secret-sharing.
Basically, the data is split into encrypted pieces and then
distributed to different trusted people.  For the data to be
restored, the trusted parties must combine their split pieces 
together.  A single piece cannot be used to reveal the data.
This protocol provides a secure insurance policy for deciphering
encrypted data in case the key/passphrase is not available.  
(Read "What is key escrow?" and "What is secret-sharing?" below.)

Secret Sharer is an easy-to-use, Windows front-end for a DOS 
secret-sharing utility written by Hal Finney called SECSPLIT.EXE.


What it doesn't do
------------------
Secret Sharer is not a full cryptosystem.  Although the split pieces
of data are encrypted, you still need PGP or a similar application
for day-to-day encryption/decryption.  Think of Secret Sharer as a key
management tool.
  

Requirements
------------
Microsoft Windows 3.x
Visual Basic runtime file (VBRUN300.DLL - not included, most sites
  such as simtel have this, if you can't find it, try ftp.microsoft.com)
SECSPLIT.EXE - Hal Finney's DOS, secret-sharing utility.

DISCLAIMER - SECSPLIT.EXE is not distributed with Secret Sharer
because of United States ITAR export regulations that deal with
cryptography.  The SECSPLIT.EXE utility uses the IDEA encryption
algorithm (the same as PGP), to encrypt data, and is therefore
classified as a restricted munition.  At the present, I don't
want to deal with all of the legal and international distribution
hassles for bundling SECSPLIT with Secret Sharer.

With that said, here are some FTP sites that currently have
SECSPLIT.EXE available.  Compliance with government laws (US or
foreign) is your responsibility.

ftp.dsi.unimi.it /pub/security/crypt/code/secsplit.zip
isdec.vc.cvut.cz /ppub/security/unimi/crypt/secsplit.zip
nic.funet.fi /pub/crypt/ftp.dsi.unimi.it/code/secsplit.zip

(please e-mail me with any other sites so I can update this list)


Where to Get It:
----------------
Latest releases of Secret Sharer are available from:

ftp.eskimo.com /joelm
http://www.eskimo.com/~joelm

The above Web page also contains a variety of information on PC
privacy and security.

Comments or questions can be directed to: joelm@eskimo.com


Installing Secret Sharer:
-------------------------
Copy the following files to a directory of your choice:

SECSHARE.EXE	the application
SECSHARE.TXT	this file
SECSHARE.PIF	for easy shelling to DOS SECSPLIT

Copy the following file to the \WINDOWS\SYSTEM directory:

CMDIALOG.VBX

(You don't need to replace this file if it already exists).

Copy SECSPLIT.EXE to the directory containing SECSHARE.EXE.


2.  Key escrow and secret-sharing
---------------------------------

What is key escrow?
-------------------
One of the major issues in dealing with encrypted data is key
management.  Let's say you're a corporate officer who regularly uses
encryption to keep business data secure.  Then one day, while your
mind is elsewhere, you accidentally step in front of a bus.  Fortunately,
you survive, but unfortunately you end up with a temporary case of
amnesia.  No one can access your files since you can't remember your
PGP pasphrase.  And the big bucks buy-out you were involved with, goes 
down the drain since no one else can read your encrypted notes or saved
e-mail messages.

An insurance policy against such a situation is called "key escrow."
A copy of your key and passphrase is given to a trusted third-party for 
secure storage.  In the event of your untimely demise, failed memory, or 
skipping the country, the trusted party gives your key and passphrase to 
an authorized individual who can then decrypt any relevant data. 

A key can be escrowed to a single (or several) trusted persons.
However, this is akin to putting all of your encryption eggs in one 
basket. There is nothing to say that the person you currently trust, 
may be coerced into revealing your key or turn out not to be as 
trustworthy as you thought.  (Note:  The United States government
would like to mandate an escrow program where your encryption keys
are made available to law enforcement officials, with a proper court 
order, of course.  Consult your history books for various examples of 
government abuse of power.  While the government is calling this "key
escrow," it is more appropriately titled "government access to keys" or
GAK.)


What is secret-sharing?
-----------------------
A more secure form of key escrow involves providing multiple parties
with encrypted pieces of your key and passphrase.  You decide how many 
pieces you want to split your key into and how many of those pieces must 
be required to reveal the key.  This means several trusted parties must
combine their pieces together before your key is revealed.  You
determine your own levels of trust.  For example, if you split the
key into eight pieces, and specify that a minimum of five pieces are
required to restore the key, you're betting that at least five out of
the eight parties are trustworthy, and won't conspire together to
reveal your key. This concept is known as secret-sharing (also called
a threshold scheme).


How secret sharing works
------------------------
Secret-sharing is accomplished through mathematical manipulation of
data.  The concept is generally credited to Adi Shamir (of RSA fame)
and was first publicly presented in 1979.  Secret Sharer works with 
SPLITSEC.EXE, written by Hal Finney, and based on Shamir's algorithm.

The basic concept behind the algorithm is data is divided into n
pieces (called shadows).  Any m number of shadows can be used to
reconstruct the data, but any number of shadows less then m, cannot.

Shamir used polynomial equations and cryptographically strong,
unguessable random numbers in his algorithm.  This provides a high
level of security.  While the holder of a split piece of data knows
the length of the secret data, there is no way to determine the
actual content.

The main weakness in the algorithm is in the generation of random
numbers.  If the numbers are not truely random, an attack could be
mounted on several of the pieces to decipher the data.

The SECSPLIT application is fairly secure in this regard, initializing
the random number generator based on the contents of the file and the
current time of day.


For more information
--------------------
"How to Share a Secret," by Adi Shamir, Communications of the ACM, 
November, 1979, Volume 22, Number 11, page 612.  This is the article
Hal Finney based his DOS application on.

"Applied Cryptography," by Bruce Schneier, John Wiley & Sons, Inc.,
1994.  A variety of secret sharing schemes are discussed.


3.  Using Secret Sharer
-----------------------

To secret-share a passphrase
----------------------------
Choose "Split passphrase" from the Share menu.

Enter the passphrase twice (for verification purposes).  The passphrase
will not be echoed to the screen.

Enter the number of pieces to split the passphrase into.  Enter the minimum
number of split pieces that will be required to restore the passphrase.

Secret Sharer will call SECSPLIT and split the passphrase into the
number of pieces you requested.  The pieces will be written to the directory
that contains Secret Sharer, and be named PASSWORD.001, PASSWORD.002, etc.

Select the "Split to disks" item in the Options menu if you want the
split pieces written to disk. 


To restore a split passphrase
-----------------------------
Choose "Restore passphrase" from the Share menu.

Enter the total number of split files to be used in restoring the 
passphrase.

Specify each respective restore file in the Open File dialog box.  The 
dialog title will display how many files remain.  It doesn't matter
what sequence the files are selected in.

If the correct files are used (in addition to the minimum number
specified), the correct passphrase will be displayed.  If not, incorrect
characters will be displayed. Click the Copy button to copy the
passphrase to the clipboard.

NOTE: If a specified restore file is not in the same directory as
Secret Sharer, the utility copies it from its source location to the
Secret Sharer directory.  After the passphrase is restored, Secret
Sharer wipes any restore files from its directory. 


To secret-share a file
----------------------
Choose "Split file" from the Share menu.

Enter the full path of the file to split.  Click the Browse button to
use the Open File dialog box to specify the file.

Enter the number of pieces to split the file into.  Enter the minimum
number of split pieces that will be required to restore the file.

Secret Sharer will call SECSPLIT and split the file into the
number of pieces you requested.  The pieces will be written to the directory
that contains Secret Sharer, and be named filename.001, filename.002, etc.
where filename is the 8 character name of the file to be split.

Select the "Split to disks" item in the Options menu if you want the
split pieces written to disk.

Select the "Wipe file after split" item in the Options menu to wipe the
source file after it has been split.


To restore a split file
-----------------------
Choose "Restore file" from the Share menu.

Enter the full path of the file to restore.  Click the Browse button to
use the Open File dialog box to specify the file.

Enter the number of split pieces that will be used to restore the file.

Specify each respective restore file in the Open File dialog box.  The 
dialog title will display how many files remain.  It doesn't matter
what sequence the files are selected in.

If the correct files are used (in addition to the minimum number
specified), the file will be restored in the specified directory.
If not, the file will be filled with garbage characters.


Practical tips for using Secret Sharer
--------------------------------------
When you a split a file or passphrase into pieces, by default, Secret
Sharer will place all of the pieces in the directory containing
Secret Sharer.  It's up to you to distribute the pieces as you see
fit.  There are two general alternatives:

1.  You can inform the trusted parties of your back-up plan and physically
    distribute the pieces to them.

2.  You can keep the pieces yourself, encrypting each piece with
    the respective PGP public key of the party you plan to distribute the
    piece to.  Then leave instructions concerning who the parties are
    and how the passphrase/file can be restored.

It's beyond the scope of this document to go into details such as
storage locations, restoration logistics, etc.  Think through your
options and apply common sense (or, use a consultant like myself to
create a plan for your situation). 

If the "Split to disks" item in the Options menu is checked, when you
split the passphrase/file, Secret Sharer will prompt you to insert a
floppy disk in the A: drive for each piece.  This is convenient if
you are physically distributing the pieces to different parties.  For
example, if you have split a passphrase into 5 pieces, you will be
prompted to insert a disk for each of the pieces.

Important note:  If you manually copy the pieces to a different
directory or disk, you should use a secure delete ("wipe") program
to ensure the original pieces are securely deleted.  Secret Sharer does
a one pass write of pseudo-random characters to any temporary files it
creates before it deletes them.  (There are a variety of security issues
dealing with swap files and effective file deletion that go way beyond
the scope of this document.)