Implementation questions

Atom 'Smasher' atom-gpg at
Wed Apr 7 10:13:31 CEST 2004

> Thanks for the reply, the email being encrypted was not a huge concern,
> we would only use that for corporate communication and if the recipient
> left then the sender would know what was in the email.

1) install my public key
2) $ chmod 0 ~/.gnupg/gpg.conf
3) $ ps | gpg -ear 0x3D7D41E3

you're the sender, i'm the recipient. as the sender of that message, see
if you can decrypt it... i'll be *very* impressed if you can.

my point, here, is that you can't always count on the sender encrypting to
themself. and what if the sender and recipient both get hit by a bus?

> We were more looking along the lines of storing customer info
> (passwords) where multiple sysadmins could access/decrypt the info and

data can be ENcrypted on auto-pilot to as many keys as you want, and sent
to a file, database, etc....

> the scenario our suit likes to use "What if you're all hit by a bus at the
> same time?" he would be able to decrypt the passwords and pass them on
> to the replacement team.

one of the encryption keys could belong to the boss... they never plan on
getting hit by a bus. also, you might want to print out your private key,
write out your secret password on it, put it in an envelope, and store
that in a locked safe, under control of the boss. when all of the techs
get hit by a meteorite, the new techs can recover the keys from the safe.

> Once a file is encrypted to multiple keys is there a way to remove one
> of the keys from being able to decrypt it? Sort of like revoking a key?

that's tough.... i can't think of a way to do that. even if you could
"revoke" the key, let's say one of the employees emails the database to
himself, and then gets fired: he's home with a copy of the db and his
secret key.

the best thing i can think of (at 0400 hrs) to deal with that, is to have
a file/db encrypted to each employee. if an employee leaves, that file/db
can be deleted.... but it won't do any good to delete it if they already
saved their own copy  ;)


 PGP key -
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

	"I hope we shall crush in its birth the aristocracy of our
	 monied corporations which dare already to challenge our
	 government to a trial of strength, and bid defiance to
	 the laws of our country."
		-- Thomas Jefferson, 1816

