Implementation questions/what to do when someone leaves
newton at hammet.net
Wed Apr 7 15:31:23 CEST 2004
On the question of a file encrypted to many keys, and
one of the recipients leaves, gets convicted, etc. then
simply de-crypt the document (which anyone of the other
recipients can do) and then re-encrypt it with N-1 keys
(the list of keys remaining with key deleted for the person
for whom access is to be withdrawn). And, the re-encryption
can be accomplished also by anyone of the recipients.
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>> Thanks for the reply, the email being encrypted was not a huge concern,
>> we would only use that for corporate communication and if the recipient
>> left then the sender would know what was in the email.
> 1) install my public key
> 2) $ chmod 0 ~/.gnupg/gpg.conf
> 3) $ ps | gpg -ear 0x3D7D41E3
> you're the sender, i'm the recipient. as the sender of that message, see
> if you can decrypt it... i'll be *very* impressed if you can.
> my point, here, is that you can't always count on the sender encrypting to
> themself. and what if the sender and recipient both get hit by a bus?
>> We were more looking along the lines of storing customer info
>> (passwords) where multiple sysadmins could access/decrypt the info and
> data can be ENcrypted on auto-pilot to as many keys as you want, and sent
> to a file, database, etc....
>> the scenario our suit likes to use "What if your all hit by a bus at the
>> same time?" he would be able to decrypt the passwords and pass them on
>> to the replacment team.
> one of the encryption keys could belong to the boss... they never plan on
> getting hit by a bus. also, you might want to print out your private key,
> write out your secret password on it, put it in an envelope, and store
> that in a locked safe, under control of the boss. when all of the techs
> get hit by a meteorite, the new techs can recover the keys from the safe.
>> Once a file is encrypted to multiple keys is there a way to remove one
>> of the keys from being able to decrypt it? Sort of like revoking a key?
> that's tough.... i can't think of a way to do that. even if you could
> "revoke" the key, let's say one of the employees emails the database to
> himself, and then gets fired: he's home with a copy of the db and his
> secret key.
> the best thing i can think of (at 0400 hrs) to deal with that, is to have
> a file/db encrypted to each employee. if an employee leaves, that file/db
> can be deleted.... but it won't do any good to delete it if they already
> saved their own copy ;)
> PGP key - http://atom.smasher.org/pgp.txt
> 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
> "I hope we shall crush in its birth the aristocracy of our
> monied corporations which dare already to challenge our
> government to a trial of strength, and bid defiance to
> the laws our country."
> -- Thomas Jefferson, 1816
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (FreeBSD)
> Comment: What is this gibberish? -
> -----END PGP SIGNATURE-----
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
public key: (find at http://www.pgp.net)
pub 4096R/136FC036 2004-02-09 Newton Hammet
finger print: 0x93cae808136fc036
More information about the Gnupg-users