Implementation questions

Jason Burnett jason at monkeypr0n.org
Wed Apr 7 09:44:32 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks for the reply. The email being encrypted was not a huge concern;
we would only use that for corporate communication, and if the recipient
left then the sender would know what was in the email. We were more
looking along the lines of storing customer info (passwords) where
multiple sysadmins could access/decrypt the info, and the scenario our
suit likes to use, "What if you're all hit by a bus at the same time?", he
would be able to decrypt the passwords and pass them on to the
replacement team.
Once a file is encrypted to multiple keys, is there a way to remove one of the
keys from being able to decrypt it? Sort of like revoking a key?

on Wed Apr 07 Atom 'Smasher' spoke forth with the blessed manuscript
> > The question has been brought up concerning storing secure information
> > (encrypted) on an internal server we have and allowing multiple
> > personnel to be able to decrypt that info. Can you encrypt a file
> > against multiple keys? Is having a departmental or company key that
> > everyone has a good idea (does not seem like it would be)? I am just
> > looking for some suggestions on how to implement this or some examples
> > of how this has been done by members of the list.
> ====================================

> PGP/GPG will let you encrypt a message to any number of users at once.

> last i checked, MIT-PGP (tm) had a feature that's sort of like a
> key-escrow, so if someone leaves the company, email encrypted to them can
> be decrypted with the "other" key. GnuPG doesn't support that, but in some
> workplaces you can do almost the same thing by adding a "recipient" line
> to a user's config file.

> keys used by more than one individual person are almost always a bad idea,
> but you'll really have to assess the security risks, concerns, threats,
> etc to get a picture of what level of security you want/need and what
> applications (PGP, symmetric encryption, file-system encryption, etc) will
> help you get there.


> 	...atom

>  _________________________________________
>  PGP key - http://atom.smasher.org/pgp.txt
>  3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
>  -------------------------------------------------

> 	"There is a theory which states that if ever anyone discovers
> 	 exactly what the Universe is for and why it is here, it will
> 	 instantly disappear and be replaced by something even more
> 	 bizarrely inexplicable. There is another theory which states
> 	 that this has already happened."
> 		-- Douglas Adams



- -- 
PGP key - http://www.monkeypr0n.org/keyring/jason@monkeypr0n
793A 39E7 5655 0415 5C5E  976E 94D8 F8C4 C061 DF64
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAc7FglNj4xMBh32QRAoH0AJ9dHF3qqeCxcDEY46WZ6ZRCyPIzXwCfSq4z
0zR0sS1FEzpaVDP3udAV2wM=
=QHHp
-----END PGP SIGNATURE-----


