Implementation questions

Atom 'Smasher' atom-gpg at suspicious.org
Wed Apr 7 09:07:47 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The question has been brought up concerning storing secure information
> (encrypted) on an internal server we have and allowing multiple
> personnel to be able to decrypt that info. Can you encrypt a file
> against multiple keys? Is having a departmental or company key that
> everyone has a good idea (does not seem like it would be)? I am just
> looking for some suggestions on how to implement this or some examples
> of how this has been done by members of the list.
====================================

PGP/GPG will let you encrypt a message to any number of users at once.

last i checked, MIT-PGP (tm) had a feature that's sort of like a
key-escrow, so if someone leaves the company, email encrypted to them can
be decrypted with the "other" key. GnuPG doesn't support that, but in some
workplaces you can do almost the same thing by adding a "recipient" line
to a user's config file.

keys used by more than one individual person are almost always a bad idea,
but you'll really have to assess the security risks, concerns, threats,
etc to get a picture of what level of security you want/need and what
applications (PGP, symmetric encryption, file-system encryption, etc) will
help you get there.


	...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"There is a theory which states that if ever anyone discovers
	 exactly what the Universe is for and why it is here, it will
	 instantly disappear and be replaced by something even more
	 bizarrely inexplicable. There is another theory which states
	 that this has already happened."
		-- Douglas Adams
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -  http://atom.smasher.org/links/#digital_signatures

iD8DBQFAc6jInCgLvz19QeMRAqNhAJ9ujvfTQgS285StRDZpC4PnHIJ6ngCdFSCr
zLKn7R0jPqWUDFkC8+YhjPE=
=xhqZ
-----END PGP SIGNATURE-----
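
Added example, not part of the original message: encrypting one file to several recipients, and gpg.conf's "encrypt-to" option as one way to get the extra-recipient behaviour the reply describes. Keys, addresses, function names and file names are constructed for the demo; it assumes GnuPG 2.1.17 or later.

```shell
#!/bin/sh
# Added example. All keys and addresses are constructed test values.

# Throwaway keyring with three passphrase-less test keys (demo only).
demo_setup() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    for uid in alice@example.org bob@example.org archive@example.org; do
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "$uid" default default never || return 1
    done
}

# encrypt_for FILE RECIPIENT...
# One ciphertext and one session key, wrapped once per recipient public key.
# Each person decrypts with their own private key; nothing is shared.
encrypt_for() {
    file=$1; shift
    for r in "$@"; do      # rewrite "$@" into: --recipient R1 --recipient R2 ...
        shift
        set -- "$@" --recipient "$r"
    done
    gpg --batch --yes --quiet "$@" --output "$file.gpg" --encrypt "$file"
}

# Number of public-key encrypted session key packets in a ciphertext,
# i.e. how many keys can open it.
recipient_count() {
    gpg --batch --list-packets "$1" 2>/dev/null | grep -c '^:pubkey enc packet:'
}

# Workplace default: every encryption from this config also goes to an
# archive key. This is a default, not enforcement: a user can still pass
# --no-encrypt-to or edit the file.
enable_archive_copy() {
    echo 'encrypt-to archive@example.org' >> "$GNUPGHOME/gpg.conf"
}

demo_cleanup() {
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME"
}
```

Outside a throwaway keyring, each recipient's public key has to be imported and validated before gpg will encrypt to it in batch mode.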