How to have 2 separate keyrings on a server

Greg Motter greg_motter at hotmail.com
Tue Aug 28 23:56:38 CEST 2007




Albert Dengg-2 wrote:
> 
> On Mon, Aug 27, 2007 at 10:02:00AM -0700, Greg Motter wrote:
>> 
>> Hello,
>> 
>> GPG newbie here and have a question.
>> 
>> I'm working on setting up some encryption on a server and have been working
>> with a consultant giving us what we should be doing. One thing he wants us
>> to do is set up 2 keyrings and maintain 2 keyrings on our server. All we are
>> doing is encrypting flat text files that contain sensitive info when they
>> are at rest. Then having a separate process to decrypt these files when they
>> are needed. What he wants us to do is this:
>> 
>> 1) Have a first keyring with our main key pair. The decrypt process will
>> access this keyring to do the decrypting.
>> 
>> 2) Have a second keyring with just the public key from the first keyring.
>> We'd then access this second keyring for our encryption process.
>> 
>> From everything I've read, I see that you can change your keyring from the
>> gpg.conf file. Is it possible to change the keyring you want to use from
>> within the command line? I've tried using --keyring and --primary-keyring
>> from the command line a bit without success.
> hi
> just a question...
> maybe i'm overlooking something
> what is the point of having 2 keyrings if both are readable by the same
> user?
> and if you have different users running the two processes, then just
> edit the corresponding ~/.gnupg/gpg.conf files to point to the
> corresponding keyrings
> 
> (of course i could be overlooking something...)
> 
> yours
> albert
> 

Honestly, I don't fully understand the purpose entirely either. Either way
you'll still need the passphrase to decrypt. But they wanted 2 keyrings. I'm
guessing just another level of obfuscation more than anything.
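
The two-keyring layout discussed in this thread, as an added example that is not part of the original posts: the encrypt side selects a public-only keyring on the command line with `--no-default-keyring --keyring`, and the full key pair lives in a separate GnuPG home. It assumes GnuPG 2.1 or later, where secret keys are held under the home directory rather than in a secret keyring file, so the split is done with `--homedir`; the user ID, directory layout and keyring file name are constructed.

```sh
#!/bin/sh
# Added example. Paths, file names and the user ID are constructed;
# assumes GnuPG 2.1 or later is installed as "gpg".
KEY_UID='At-Rest Demo <at-rest-demo@example.invalid>'
RING_NAME='encrypt-only.kbx'   # hypothetical name for the public-only keyring

# Decrypt side: home directory holding the full key pair. The empty
# passphrase is only there so the demo runs unattended.
make_decrypt_home() {          # $1 = decrypt home
    mkdir -p "$1" && chmod 700 "$1" &&
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$KEY_UID" default default never
}

# Encrypt side: separate home whose named keyring gets the public key only.
make_encrypt_home() {          # $1 = decrypt home, $2 = encrypt home
    mkdir -p "$2" && chmod 700 "$2" &&
    gpg --homedir "$1" --batch --export "$KEY_UID" |
    gpg --homedir "$2" --batch --quiet --no-default-keyring \
        --keyring "$2/$RING_NAME" --import
}

# The keyring is chosen on the command line, as asked in the thread.
encrypt_file() {               # $1 = encrypt home, $2 = plaintext, $3 = output
    gpg --homedir "$1" --batch --yes --quiet --no-default-keyring \
        --keyring "$1/$RING_NAME" --trust-model always \
        --recipient "$KEY_UID" --output "$3" --encrypt "$2"
}

# Prints the plaintext; fails when the home has no matching secret key.
decrypt_file() {               # $1 = home, $2 = ciphertext
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$2" 2>/dev/null
}

if [ "${1:-}" = demo ]; then   # run as: sh two-keyrings.sh demo
    work=$(mktemp -d) && printf 'constructed sensitive record\n' > "$work/in.txt"
    make_decrypt_home "$work/dec" && make_encrypt_home "$work/dec" "$work/enc"
    encrypt_file "$work/enc" "$work/in.txt" "$work/in.txt.gpg"
    decrypt_file "$work/enc" "$work/in.txt.gpg" || echo 'encrypt home: cannot decrypt'
    decrypt_file "$work/dec" "$work/in.txt.gpg"
fi
```

On a real server the separation comes from file ownership: the decrypt home would belong to a different account than the one running the encryption job, and the key would carry a passphrase.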



