Generating New Master Key Shares in Vault

Vault makes use of Shamir’s secret sharing scheme to split a master key into n pieces, requiring at least k of them to be presented at ‘unseal’ time. At initialisation time, the user specifies what values n and k should take. Vault does not make it possible to change the number of shares after initialisation without recreating new shares for existing shareholders, despite Shamir’s scheme allowing it. I decided to raise a pull request implementing this functionality to make it easier to create more shares.

How can we create a new share without recreating the master key?

I’ve written in detail how Shamir’s scheme works in this post but as a quick overview:

  • a polynomial of degree k-1 that passes through the point (0, S) is randomly selected, where S is the secret to split
  • n non-zero points on this curve are selected as shares
  • In order to recreate the curve and find S, k points must be provided
  • A collection of fewer than k points cannot provide enough information to recreate the curve (and therefore S).

As the shares take the form of points along a curve, a new share can be added simply by selecting another point on the same curve. During initialisation Vault selects the first n points on the curve, so it is easy to track which points are already in use.

The implementation is as follows:

  • provide k shares in order to recreate the secret curve along with a PGP key for encrypting the new share
  • generate a new share by taking the (n+1)th point on the curve
  • update Vault so that it knows there are now n+1 shares
  • return encrypted share

How can I use the generate-share endpoint?

To kick off the process of generating a new share, call generate-share with the init flag and pass in the path to a PGP public key:

$ vault generate-share -init -pgp-key=

Then call generate-share k times, each with a different share of the master key:

$ vault generate-share

After providing the final share, a new share encrypted with the provided PGP public key will be returned. This can then be used to unseal Vault!

You can use the status flag to check how many shares have already been provided:

$ vault generate-share -status

The cancel flag is also available to cancel the share generation process:

$ vault generate-share -cancel

The fork can be found here:

The pull request can be found here:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s