Support for 16+ bytes secrets in Shamir implementation

[leosarra]

Hello everyone and thanks for your hard work on this project :+1:

I wanted to propose to support 16+ bytes secrets in pycryptodome's shamir implementation, in a similar way to "ssss" which supports up to 128 bytes.

I know that right now the key has a 16 bytes length because it is meant to be used primarily with AES128 but just increasing the len to 32 bytes would open up a lot of possibilities regarding the use of the key.

[miketery]

PR here: https://github.com/Legrandin/pycryptodome/pull/593

Thanks!

[mxmehl]

Thanks for the PR @miketery! I hope that it will get merged soon as I also depend on a longer key size for a project.

In the meantime I've settled with shamira whose API is also quite usable but not as well documented as pycryptodome.

[schummd]

@mxmehl thank you for providing a link to the alternative! I have tried using Shamira module, but running into the error:

if len({x for (x, _) in shares}) < len(shares):
ValueError: too many values to unpack (expected 2)

I couldn't find anyone to contract though the link (provider of shamira), and unable to solve this problem, as it does not appear when locally accessing the values in shares. Did you face this problem?

[mxmehl]

May I ask what you are trying to achieve with this line, @zonamoroza, and how you generated shares? Some context would be helpful.

However, I also believe this is the wrong place to discuss this. There is an issue tracker for shamira: https://trac.19x19.cz/shamira/report

[schummd]

@mxmehl just a simple generate shares and reconstruct shares (the above error I'm getting when reconstructing key), probably I'm doing it wrong.

shares = generate_raw(encoded_public_key, 3, 5)
key = reconstruct_raw(shares)
print(key)

Yes, you are right, it is the wrong place. Thank you for the link, I'll submit there if not solved.

[mxmehl]

@mxmehl just a simple generate shares and reconstruct shares (the above error I'm getting when reconstructing key), probably I'm doing it wrong.

I'm not using the raw functions, but like this:

from shamira import generate, reconstruct
shares = generate(mysecret, 3, 5)
# to reconstruct, the shares must be a list. We pass them to the function as *args, so a variable list of arguments
mysecret = reconstruct(*shares)
# to test, you could also try the function manually
mysecret = reconstruct("2.3.1.D59564...", "2.3.189.FFECD4...", "2.3.188.FFFFFF....")

Now, for all further questions, please use the tracker. This just is supposed to help people with an alternative library as long as pycryptodome has this limitation.

[NovaDear]

Bump - this feature would be useful in PCI Compliant environments where encryption key equivalency means that an SSS derived key of 128 bits can only be used to protect RSA keys of 3072 bits or less or ECC 256 bits or less. RSA Keys of 4096 bits or greater are becoming increasingly popular

See the PCI P2PE Standard 'Domain 5 Normative Annex C: Minimum and Equivalent Key Sizes and Strengths for Approved Algorithms' section for key equivalency details.