Inspired by Boyd's 1986 paper "Digital Multisignatures", which introduced additive secret sharing for splitting RSA keys. Unfortunately I haven't found an online version of that paper, although a followup from 1988 is available. https://link.springer.com/content/pdf/10.1007/3-540-45961-8_40.pdf
@th y u no OAEP?
@zwol OAEP includes a random bit string to avoid determinism, which makes it unsuitable for distributed signatures unless the parties agree on the randomness.
@th looks interesting! Maybe add to readme a brief note on what parameters are used (key size) and (though it doesn't matter in this setting) performance?
@eqe noted! thanks for the suggestion. (2048 bit for now, since that was what I was hoping to be able to install to yubikeys)