atom-gpg at suspicious.org
Wed Apr 7 10:13:31 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
> Thanks for the reply, the email being encrypted was not a huge concern,
> we would only use that for corporate communication and if the recipient
> left then the sender would know what was in the email.
1) install my public key
2) $ chmod 0 ~/.gnupg/gpg.conf
3) $ ps | gpg -ear 0x3D7D41E3
you're the sender, i'm the recipient. as the sender of that message, see
if you can decrypt it... i'll be *very* impressed if you can.
my point, here, is that you can't always count on the sender encrypting to
themself. and what if the sender and recipient both get hit by a bus?
> We were more looking along the lines of storing customer info
> (passwords) where multiple sysadmins could access/decrypt the info and
data can be ENcrypted on auto-pilot to as many keys as you want, and sent
to a file, database, etc....
> the scenario our suit likes to use "What if your all hit by a bus at the
> same time?" he would be able to decrypt the passwords and pass them on
> to the replacment team.
one of the encryption keys could belong to the boss... they never plan on
getting hit by a bus. also, you might want to print out your private key,
write out your secret password on it, put it in an envelope, and store
that in a locked safe, under control of the boss. when all of the techs
get hit by a meteorite, the new techs can recover the keys from the safe.
> Once a file is encrypted to multiple keys is there a way to remove one
> of the keys from being able to decrypt it? Sort of like revoking a key?
that's tough.... i can't think of a way to do that. even if you could
"revoke" the key, let's say one of the employees emails the database to
himself, and then gets fired: he's home with a copy of the db and his
the best thing i can think of (at 0400 hrs) to deal with that, is to have
a file/db encrypted to each employee. if an employee leaves, that file/db
can be deleted.... but it won't do any good to delete it if they already
saved their own copy ;)
PGP key - http://atom.smasher.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
"I hope we shall crush in its birth the aristocracy of our
monied corporations which dare already to challenge our
government to a trial of strength, and bid defiance to
the laws our country."
-- Thomas Jefferson, 1816
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
-----END PGP SIGNATURE-----
More information about the Gnupg-users