Group use of keys

Atom 'Smasher' atom at suspicious.org
Mon Nov 22 18:04:18 CET 2004


On Fri, 19 Nov 2004, Mike Edwards wrote:

> Hi!  I have a public key that I share with our customers and the secret 
> is on my keyring.  I have another person in my department that needs to 
> be able to decrypt files sent by our customers that have been encoded 
> with my public key.  IOW, we want a single public key with either a 
> shared secret or separate secret keys for the same public key.  Are 
> either scenarios possible?
=============================

it's easy for everyone to use the same key, and let everyone use their own 
passphrase for it.

1) "edit-key" and reset the password to something impossible. this ensures 
that everyone will change it.

2) export the secret key and give copies to everyone who needs it.

3) tell them that the passphrase is "pbrtavzHc0ZSRjEKsSIAdutLL6" (or 
something comparable) and tell them how to change it... they *will* change 
it.

4) you still have your copy, just reset your own passphrase after you 
export a copy with the impossible passphrase.

although it will work just the same, i would recommend that the UID 
identify it as a group (Customer Service), not an individual (Bob), but 
that's really for ideological reasons.

btw, how do you get your customers to use pgp?!?!


-- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"Until they become conscious they will never rebel,
 	 and until after they have rebelled they cannot
 	 become conscious."
 		-- George Orwell
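
The hand-over in steps 1 to 4 above, as an added example that is not part of the original post: a bash sketch that creates a group key under a temporary passphrase, exports the secret key, imports the copy into a second keyring and checks that the copy decrypts. It assumes GnuPG 2.1 or later; the UID, the passphrase and the throwaway home directories are constructed for the demonstration, and a fresh key stands in for resetting the passphrase on an existing one.

```shell
#!/usr/bin/env bash
# Added example: constructed UID, passphrase and temp keyrings (assumptions, not from the post).
set -eu

TEMP_PASS='temporary-handover-passphrase'      # stands in for the throwaway passphrase
GROUP_UID='Customer Service <cs@example.org>'  # group UID, as the post recommends
OWNER_HOME=$(mktemp -d)                        # keyring of the original key owner
COLLEAGUE_HOME=$(mktemp -d)                    # keyring of the second person

cleanup() {
  for h in "$OWNER_HOME" "$COLLEAGUE_HOME"; do
    gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    rm -rf "$h"
  done
}
trap cleanup EXIT

# Run gpg non-interactively against one keyring, supplying the temporary passphrase.
g() { home=$1; shift
  gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
      --passphrase "$TEMP_PASS" "$@"; }

# Fingerprint of the first secret key in a keyring.
fingerprint() {
  gpg --homedir "$1" --batch --with-colons --list-secret-keys |
    awk -F: '$1 == "fpr" { print $10; exit }'; }

# Steps 1-2: key protected by the temporary passphrase, then exported.
make_and_export() {
  g "$OWNER_HOME" --quick-generate-key "$GROUP_UID" default default never
  g "$OWNER_HOME" --armor --export-secret-keys "$(fingerprint "$OWNER_HOME")" \
    > "$OWNER_HOME/group-secret.asc"; }

# Step 3: the colleague imports the copy. Afterwards they would run
#   gpg --passwd <fingerprint>
# interactively; that re-encrypts only their local copy of the secret key.
import_copy() { g "$COLLEAGUE_HOME" --import "$OWNER_HOME/group-secret.asc"; }

# A message encrypted to the one public key is decrypted from the colleague's keyring.
roundtrip() {
  printf '%s' "$1" |
    g "$OWNER_HOME" --armor --trust-model always \
      -r "$(fingerprint "$OWNER_HOME")" --encrypt |
    g "$COLLEAGUE_HOME" --decrypt 2>/dev/null; }

make_and_export
import_copy
echo "owner:     $(fingerprint "$OWNER_HOME")"
echo "colleague: $(fingerprint "$COLLEAGUE_HOME")"
```

Both keyrings report the same fingerprint: the passphrase protects each stored copy, while the key material itself is shared, so removing one person's access means issuing a new key.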





More information about the Gnupg-users mailing list