Implementation questions/what to do when someone leaves

Newton Hammet newton at hammet.net
Wed Apr 7 15:31:23 CEST 2004


On the question of a file encrypted to many keys, and
one of the recipients leaves, gets convicted, etc., then
simply decrypt the document (which any one of the other
recipients can do) and then re-encrypt it with N-1 keys
(the list of keys remaining, with the key deleted for the person
for whom access is to be withdrawn).  And the re-encryption
can also be accomplished by any one of the recipients.

Regards,
Newton

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> Thanks for the reply, the email being encrypted was not a huge concern,
>> we would only use that for corporate communication and if the recipient
>> left then the sender would know what was in the email.
> ================
>
> experiment:
> 1) install my public key
> 2) $ chmod 0 ~/.gnupg/gpg.conf
> 3) $ ps | gpg -ear 0x3D7D41E3
>
> you're the sender, i'm the recipient. as the sender of that message, see
> if you can decrypt it... i'll be *very* impressed if you can.
>
> my point, here, is that you can't always count on the sender encrypting to
> themself. and what if the sender and recipient both get hit by a bus?
>
>
>> We were more looking along the lines of storing customer info
>> (passwords) where multiple sysadmins could access/decrypt the info and
> ================
>
> data can be ENcrypted on auto-pilot to as many keys as you want, and sent
> to a file, database, etc....
>
>
>> the scenario our suit likes to use "What if you're all hit by a bus at the
>> same time?" he would be able to decrypt the passwords and pass them on
>> to the replacement team.
> ================
>
> one of the encryption keys could belong to the boss... they never plan on
> getting hit by a bus. also, you might want to print out your private key,
> write out your secret password on it, put it in an envelope, and store
> that in a locked safe, under control of the boss. when all of the techs
> get hit by a meteorite, the new techs can recover the keys from the safe.
>
>
>> Once a file is encrypted to multiple keys is there a way to remove one
>> of the keys from being able to decrypt it? Sort of like revoking a key?
> ================
>
> that's tough.... i can't think of a way to do that. even if you could
> "revoke" the key, let's say one of the employees emails the database to
> himself, and then gets fired: he's home with a copy of the db and his
> secret key.
>
> the best thing i can think of (at 0400 hrs) to deal with that, is to have
> a file/db encrypted to each employee. if an employee leaves, that file/db
> can be deleted.... but it won't do any good to delete it if they already
> saved their own copy  ;)
>
>
> 	...atom
>
>  _________________________________________
>  PGP key - http://atom.smasher.org/pgp.txt
>  3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
>  -------------------------------------------------
>
> 	"I hope we shall crush in its birth the aristocracy of our
> 	 monied corporations which dare already to challenge our
> 	 government to a trial of strength, and bid defiance to
> 	 the laws our country."
> 		-- Thomas Jefferson, 1816
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (FreeBSD)
> Comment: What is this gibberish?  -
> http://atom.smasher.org/links/#digital_signatures
>
> iD8DBQFAc7gwnCgLvz19QeMRAmJLAKClBBjNsmNTjTc7uBcJ//se6a0K6QCeJie4
> tRhmRLEz27VK7xJiruqXVQ4=
> =r8cs
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>


===========
public key: (find at http://www.pgp.net)
pub 4096R/136FC036 2004-02-09 Newton Hammet
fingerprint: 0x93cae808136fc036
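The rotation Newton describes (any remaining recipient decrypts, then re-encrypts to the N-1 keys that keep access), written out as a small POSIX shell helper. This is an added example, not code from the thread or from GnuPG; it assumes a working `gpg` on PATH and that whoever runs it holds one of the remaining recipients' secret keys (atom's `chmod 0 gpg.conf` experiment shows why: without an `encrypt-to` entry the sender is not a recipient and cannot do this step). All key IDs shown are placeholders.

```shell
#!/bin/sh
# Added example (not code from the thread): rotate a GnuPG file that was
# encrypted to several recipients after one of them must lose access.
# Assumes a working gpg on PATH and that the caller holds one of the
# remaining recipients' secret keys. Key IDs below are placeholders.
set -eu

# remaining_recipients LEAVING_KEYID KEYID...
# Prints every key ID except the one being withdrawn, one per line.
remaining_recipients() {
    leaving=$1
    shift
    for kid in "$@"; do
        [ "$kid" = "$leaving" ] || printf '%s\n' "$kid"
    done
}

# recipient_args KEYID...
# Turns a key-ID list into the " -r KEY -r KEY" arguments gpg expects.
recipient_args() {
    for kid in "$@"; do
        printf ' -r %s' "$kid"
    done
}

# packet_recipients FILE
# Lists the key IDs recorded in FILE's public-key-encrypted packets, so the
# result of a rotation can be checked without decrypting it.
packet_recipients() {
    gpg --batch --list-packets "$1" 2>/dev/null \
        | sed -n 's/.*keyid \([0-9A-Fa-f]*\).*/\1/p'
}

# reencrypt_without INFILE OUTFILE LEAVING_KEYID KEYID...
# Decrypts INFILE with whichever remaining recipient key we hold and writes
# OUTFILE encrypted to the N-1 remaining recipients. The plaintext never
# touches disk: it flows through the pipe between the two gpg processes.
reencrypt_without() {
    in=$1
    out=$2
    leaving=$3
    shift 3
    keep=$(remaining_recipients "$leaving" "$@")
    if [ -z "$keep" ]; then
        echo "refusing to re-encrypt: no recipients would remain" >&2
        return 1
    fi
    # $keep and the output of recipient_args are word-split on purpose.
    # shellcheck disable=SC2046,SC2086
    gpg --batch --yes --decrypt "$in" \
        | gpg --batch --yes --armor --encrypt $(recipient_args $keep) --output "$out"
}

# Example invocation (placeholder key IDs, not real ones):
#   reencrypt_without secrets.gpg secrets.new.gpg 0xDEADBEEF 0xDEADBEEF 0x11111111 0x22222222
#   packet_recipients secrets.new.gpg   # the withdrawn key must not appear
```

After the rotation, replace the old file with the new one everywhere it is stored and check `packet_recipients` on the result. As atom notes in the quoted message, this only withdraws access to the *current* copy: anyone who already saved the old ciphertext together with their secret key can still read that copy, so the rotation is a containment step, not a recovery of what was already taken.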