Versão em Português

The ShareSec Program

Tears a user-supplied or computer-generated secret in m parts so that n of them will be later needed to stitch the secret back. Useful as a backup when the primary owner of the secret goes unavailable.

Usage Scenario

Suppose your employees, security-conscious as they are, encrypt all sensitive material in their computers. On the night before an important bid, the guy who prepared the proposal gets hit by a truck; the physicians say he'll live, but won't wake up anytime soon. You could lose the bid because your encryption scheme is so secure that you can't break into your empolyee's files.

This is in fact one of the reasons many businesses don't use cryptography. It is just too secure -- so much that it doesn't naturally provide a plan B when things like that happen.

The sharesec program provides a solution to that problem as a kind of "shared key escrow": when you choose or generate a secret, it is split in several parts that you distribute among people you more-or-less trust. If you become unavailable, a number of them can agree to use their shares to recreate your original key.

In our example, your employee would have diligently split the encryption key in several shares that he distributed among his boss and coworkers. Upon hearing the bad news, some of them mutually agree that the situation is serious enough to require the reconstruction of the encryption key so that they can recover the original files and take on the bid.

Why not simply give the other people a copy of the employee's encryption key? Because that would empower them to read the employee's files at any time, needing neither to inform nor ask permission to anyone -- an invitation to abuse. By splitting the passphrase, we need a minimum quorum to do that.

sharesec solves two other problems:

  • To prevent people from choosing weak passwords, sharesec sports a built-in random passphrase generator. It encodes the passphrases using common english words, so as to make them easier to remember and to type. When used in interactive mode, the program displays several suggestions and the user can choose the one that he/she finds easiest to remember.
  • sharesec can output the shares already PGP-encrypted to the public keys of their respective shareholders. That way, after the user has chosen his/her passphrase, no sensitive information is displayed onscreen.

Sample Sessions

Genereating a secret and splitting it in three encrypted shares

Imagine Mr. John Doe just joined our company and it is time to set up his encrypted volume. In order to generate the passphase, he runs sharesec in his machine like the sample session below:

$ sharesec -t 2 -n 3 -w johndoe -g diceware::en -i -r kiko,evandro,lincoln

Choose: below we have 6 passphrase suggestions (more if you think of columns
------- instead of just rows). Choose one you find the easiest to memorize:

   1: pill anew pave pock chin zero
   2: rail skip slim eddy baud runt
   3: curl soda arty bark drop pier
   4: wont peep what atop hair undo
   5: dour yank nook sail life aloe
   6: bart bloc lies sewn fads call

 Tip: take your time. Don't try to choose in a hurry.

-- Press ENTER when ready to practice or any other key for more suggestions --

Attempt 1/3 -- New passphrase: [     OK    ] (... user correctly typed one of the above ...)

Attempt 2/3 -- New passphrase: [     OK    ] (... again ...)

Attempt 3/3 -- New passphrase: [     OK    ] (... yet again ...)

Using a 232 bit security level.
Using '/home/kiko/.gnupg/pubring.gpg'
Version: sharesec-0.8.1
Comment: johndoe-1/3 to kiko on 2007-04-02


Version: sharesec-0.8.1
Comment: johndoe-2/3 to evandro on 2007-04-02


Version: sharesec-0.8.1
Comment: johndoe-3/3 to lincoln on 2007-04-02


He then mails those PGP messages to each shareholder.

Recovering the Passphrase

Now suppose John Doe is on vacation trekking on the Diamantina Highlands with no cell phone coverage or any kind of connectivity. The sales department then says they urgently need an important file from his backups for a bid due tomorrow. After convincing me and another shareholder (say, Evandro) that there is no other way, we all agree to reconstruct his password. I use my PGP software to decrypt the message addressed to me, recovering my share; and Evandro does likewise. Below we see how simple the reconstruction session is;

# sharesec -t 2
Enter 2 shares separated by newlines:
Share [1/2]: johndoe-2/3-4FF3819CCAA5FF40F25EDBB9CF64BD2E5E51F9F77389A73346C6D9A84B
    (... screen cleared so that the other shareholder won't see our share ...)
Share [2/2]: johndoe-1/3-781D337E97284EEE577C9EE49D77114692255F7AE5906A36CD3C690C2E
Resulting secret: wont peep what atop hair undo

Other features

sharesec can also generate a secret non-interactively or accept secrets of your own choosing from the standard input. Besides, it can generate the shares without encrypting them.


The binaries are way larger than they needed to be. The secret sharing algorithm implementation uses GNU MP, while the PGP encryption part uses CryptLib, so we end up with two bignum libraries. Perhaps a much better approach would be to rewrite the whole program to use either GMP's or CryptLib's bignums. Or we could write a lightweight PGP encrypt-only library using OpenSSL and write the secret sharing part to use OpenSSL's bignums. (Tom Zerucha wrote such a PGP library, but I was unable to get it to work... but perhaps I didn't try hard enough, given that PGP encryption is so easy to do with CryptLib).

But I very much doubt I'll have the time to do any of this. As ugly as the solution currently is, it works well enough for me.


sharesec is based on the original ssss-0.5 by B. Poettering. See his page:

sharesec and the ssss utilities are compatible; you can generate the shares with one and reconstruct them with the other, or the other way around.

sharesec uses the CryptLib Encryption Toolkit by Peter Gutmann.

License and Downloads

sharesec is avaiable under the terms of the GNU GPL v2.

Further Reading

Kiko > SoftwareAndUtilities > ShareSecProgram
Creative Commons License   The content of this site is made available under the terms of a Creative Commons License, except where otherwise noted.
  O conteúdo deste site está disponibilizado nos termos de uma Licença Creative Commons, exceto onde dito em contrário.