This article details the process to split PGP keys in Symantec Encryption Desktop 10.X or higher.
Any private key can be split into shares among multiple shareholders using a cryptographic process known as Blakely-Shamir key splitting. This technique is recommended for extremely high security keys.
When you split a key, the shares are saved as files either encrypted to the public key of a shareholder or encrypted conventionally if the shareholder has no public key. After the key has been split, any attempts to sign or decrypt with it will automatically attempt to rejoin the key.
Splitting key shares is effective when using Additional Decryption Keys(ADK).
An additional decryption key (ADK) is a key generally used by security officers of an organization to decrypt messages that have been sent to or from employees within the organization. Messages encrypted by a key with an ADK are encrypted to the public key of the recipient and to the ADK, which means the holder of the ADK can also decrypt the message.
ADKs are rarely used or needed outside of a PGP Universal-managed environment. Although your PGP administrator should not ordinarily need to use the additional decryption keys, there may be circumstances when it is necessary to recover someones email. For example, if someone is injured and out of work for some time, or if email records are subpoenaed by a law enforcement agency and the corporation must decrypt mail as evidence for a court case.
To Split a PGP Key:
|Note: By default, each shareholder is responsible for one share. To increase the number of shares a shareholder controls, click the name in the shareholders list and then use the arrows to adjust the number of shares.|