andreas.bergen at in-jesus.de
Tue Mar 30 19:11:58 CEST 2004
I've got a question regarding pgp / gnupg / gpgsm, etc. What I'd like to know
is, if there's a way to use these (or other?) encryption systems to do the
I'd like to have a master keypair (M).
Using this I can create one or more dependant keypairs (D1 through Dn) (which
by themselves can, if M allows, to be masters for keys E1 through Em).
When I encrypt a file using the keys Di, the encrypted file can be decrypted
using only Di (and not Dj with i != j) or M.
M can be configured to allow or disallow certain Di to sign in M's name
without giving away the secret part of M. That is, if someone gets a message,
signed by Di the signature can be verified using the public part of M (or
Using M I can create revocation certificates for all Di.
This can be used for example for signing publicly available software, where
the signing-process can be delegated without giving away the master signing
key. Or it can be used for people / organizations to have a backup master key
to be able to decrypt files with where the decryption-key / passphrase has
Any comments welcome.
Please reply be email as I'm not subscribed to this mailinglist.
PGP/GnuPG-encrypted / -signed Email welcome. PGP-key-ID: 8CDEC18F
Gott ist Liebe, und wer in der Liebe bleibt, bleibt in Gott und Gott in ihm.
More information about the Gnupg-users