Janusz A. Urbanowicz
alex at bofh.net.pl
Mon Aug 21 12:17:41 CEST 2006
On Fri, Aug 18, 2006 at 03:09:43PM -0500, Brian Rosenvinge wrote:
> We have decided to decrypt using a "special" user and re-encrypt the
> file to multiple users. Our concern is that unless we want to do this
> manually it has to be scripted and that will require the "special"
> user's passphrase to live in the script or on a server in plaintext. No
> one in IS wants to add this to their daily responsibilities and we
> really should not have access to the data anyway as it is meant for our
> finance department.
put the special key on a smartcard with no passphrase, only the
physical avaliability of the sc will descrypt the data, and the key
will be unstealable electronically
More information about the Gnupg-users