Group use of keys
Atom 'Smasher'
atom at suspicious.org
Mon Nov 22 18:04:18 CET 2004
On Fri, 19 Nov 2004, Mike Edwards wrote:
> Hi! I have a public key that I share with our customers and the secret
> is on my keyring. I have another person in my department that needs to
> be able to decrypt files sent by our customers that have been encoded
> with my public key. IOW, we want a single public key with either a
> shared secret or separate secret keys for the same public key. Are
> either scenarios possible?
=============================
it's easy for everyone to use the same key, and let everyone use their own
passphrase for it.
1) "edit-key" and reset the password to something impossible. this ensures
that everyone will change it.
2) export the secret key and give copies to everyone who needs it.
3) tell them that the passphrase is "pbrtavzHc0ZSRjEKsSIAdutLL6" (or
something comparable) and tell them how to change it... they *will* change
it.
4) you still have your copy, just reset your own passphrase after you
export a copy with the impossible passphrase.
although it will work just the same, i would recommend that the UID
identify it as a group (Customer Service), not an individual (Bob), but
that's really for ideological reasons.
btw, how do you get your customers to use pgp?!?!
--
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Until they become conscious they will never rebel,
and until after they have rebelled they cannot
become conscious."
-- George Orwell
More information about the Gnupg-users
mailing list