Implementation questions

Atom 'Smasher' atom-gpg at suspicious.org
Wed Apr 7 10:13:31 CEST 2004



> Thanks for the reply, the email being encrypted was not a huge concern,
> we would only use that for corporate communication and if the recipient
> left then the sender would know what was in the email.
================

experiment:
1) install my public key
2) $ chmod 0 ~/.gnupg/gpg.conf
3) $ ps | gpg -ear 0x3D7D41E3

you're the sender, i'm the recipient. as the sender of that message, see
if you can decrypt it... i'll be *very* impressed if you can.

my point, here, is that you can't always count on the sender encrypting to
themself. and what if the sender and recipient both get hit by a bus?


> We were more looking along the lines of storing customer info
> (passwords) where multiple sysadmins could access/decrypt the info and
================

data can be ENcrypted on auto-pilot to as many keys as you want, and sent
to a file, database, etc....


> the scenario our suit likes to use "What if you're all hit by a bus at the
> same time?" he would be able to decrypt the passwords and pass them on
> to the replacement team.
================

one of the encryption keys could belong to the boss... they never plan on
getting hit by a bus. also, you might want to print out your private key,
write out your secret password on it, put it in an envelope, and store
that in a locked safe, under control of the boss. when all of the techs
get hit by a meteorite, the new techs can recover the keys from the safe.


> Once a file is encrypted to multiple keys is there a way to remove one
> of the keys from being able to decrypt it? Sort of like revoking a key?
================

that's tough.... i can't think of a way to do that. even if you could
"revoke" the key, let's say one of the employees emails the database to
himself, and then gets fired: he's home with a copy of the db and his
secret key.

the best thing i can think of (at 0400 hrs) to deal with that, is to have
a file/db encrypted to each employee. if an employee leaves, that file/db
can be deleted.... but it won't do any good to delete it if they already
saved their own copy  ;)


	...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"I hope we shall crush in its birth the aristocracy of our
	 monied corporations which dare already to challenge our
	 government to a trial of strength, and bid defiance to
	 the laws our country."
		-- Thomas Jefferson, 1816
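As the post says, a recipient cannot be removed from a file that is already encrypted to it; what you can do is audit which keys a file is encrypted to and re-encrypt (or delete the per-employee copy) when one of them should no longer have access. The following is an added shell example, not code from the post or from GnuPG: it parses the `:pubkey enc packet:` lines that `gpg --list-packets` prints for each recipient and flags any key ID not on an authorized roster, working from a constructed sample of that output (the post author's long key ID 9C280BBF3D7D41E3 plus a placeholder ID for a departed employee).

```shell
#!/bin/sh
# Audit the recipients of an OpenPGP-encrypted file. On a real file you
# would run `gpg --list-packets db.gpg` and feed its output to these
# functions; here a constructed sample stands in for that output.

# Constructed sample of `gpg --list-packets` output (not from a real file).
# Each ":pubkey enc packet:" line names one key the session key was
# encrypted to. 0123456789ABCDEF is a placeholder for a departed employee.
SAMPLE_PACKETS=':pubkey enc packet: version 3, algo 1, keyid 9C280BBF3D7D41E3
    data: [2048 bits]
:pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
    data: [2048 bits]
:encrypted data packet:
    length: 312
    mdc_method: 2'

# Print the key ID of every recipient packet, one per line.
# $1: list-packets output as text.
# Note: a file made with --hidden-recipient shows keyid 0000000000000000,
# so a zero ID means "unknown recipient", not "no recipient".
list_recipients() {
    printf '%s\n' "$1" | awk '
        /^:pubkey enc packet:/ {
            for (i = 1; i <= NF; i++) if ($i == "keyid") print $(i + 1)
        }'
}

# Print recipients that are not in the authorized roster.
# $1: list-packets output, $2: space-separated list of authorized key IDs.
# A stale recipient cannot be stripped from this file; the only remedy is
# to re-encrypt the plaintext to the current roster and destroy the old copy.
stale_recipients() {
    packets=$1
    roster=$2
    for kid in $(list_recipients "$packets"); do
        case " $roster " in
            *" $kid "*) ;;       # still authorized
            *) echo "$kid" ;;    # no longer authorized: re-encrypt needed
        esac
    done
}

# Stand-alone demo: the roster now contains only the post author's key,
# so the placeholder employee's key is reported as stale.
echo "recipients in file:"
list_recipients "$SAMPLE_PACKETS"
echo "stale recipients (not on roster):"
stale_recipients "$SAMPLE_PACKETS" "9C280BBF3D7D41E3"
```

The same check applies to each per-employee copy in the scheme the post suggests: if a copy lists a key that is no longer on the roster, delete that copy and re-encrypt the source to the remaining keys.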


