Question regarding shared keys
vedaal at nym.hush.com
Mon Feb 28 15:29:27 CET 2011
>Date: Mon, 28 Feb 2011 08:07:03 +0100
>From: "Denise Schmid" <Chinatinte at gmx.ch>
>To: gnupg-users at gnupg.org
>Subject: Re: Question regarding shared keys
>Message-ID: <20110228070703.164560 at gmx.net>
>Content-Type: text/plain; charset="utf-8"

>Does this mean that, if you want to encrypt
>a file, everybody has to use his/her key?

no

The 'shared' key is only the secret key. Anyone (even someone who
has no share at all, i.e. an outside client of the company) can
encrypt to the public key.

>The background of my
>question is that a company claims that one of their managers has
>forgotten the key and therefore, they can't decrypt some files.

Possible.

Usually though, 'shared' keys are used for 'signing' documents,
proposals, orders, instructions, etc. that require a majority of
the governing board, and the shares are set to that number of the
majority required to pass the vote.

It's less likely that ordinary documents or client files need
decryption by a shared secret key, but it is possible if the company
wanted an 'excuse' to not decrypt the files, and intentionally did
it this way.

If it were an 'excuse' though, and they really do need access to
the files, then it's probably encrypted somewhere else too, where
they 'can' decrypt, or there are some 'shares' stored away
somewhere ...

If you're lucky, and they happened to sign anything with the shared
key after the time they claimed not to be able to reconstruct the
key, then you caught them.

vedaal