Multiple Subkeys/UIDs

David Shaw dshaw at jabberwocky.com
Mon Mar 21 23:35:34 CET 2005


On Mon, Mar 21, 2005 at 04:25:07PM -0600, Grimes, Dean wrote:
> >You mention that all data enters the central location encrypted, but is
> then decrypted ("for processing") and then re-encrypted.
> 
> The processing script would most likely decrypt the file piping the output
> into the processing program. Once processing is complete, the script would
> then mv/cp the already encrypted file to it's storage location. There would
> be no need to re-encrypt the file.
> 
> >Also: once a file is archived, is it still writable?  That is, is it
> >permissible to go back and edit this file to remove a particular key
> >from it?
> 
> No. The file would not be editable nor would any other process write to the
> file. The only activity allowed on the file would be to decrypt for reading
> purposes in a designated work area to be determined and set forth in the
> policy.

That makes things very difficult, unfortunately.  Given those
restrictions, I think your best bet is to have some sort of "check
out" process when someone needs to read a file.  At that point, the
file is decrypted by the master key and then re-encrypted to that
persons key.  Your local policy and setup will need to be written in
such a way that this person cannot make their own copy of the file
while reading it.

However, given that restriction (that the user has no way to make
their own copy), I wonder what the point is in re-encrypting.  Why not
decrypt as part of the check-out and give it to them in the clear?

David



More information about the Gnupg-users mailing list