How to have 2 separate keyrings on a server
greg_motter at hotmail.com
Tue Aug 28 23:56:38 CEST 2007
Albert Dengg-2 wrote:
> On Mon, Aug 27, 2007 at 10:02:00AM -0700, Greg Motter wrote:
>> GPG newbie here and have a question.
>> I'm working on setting up some encryption on a server and have been
>> with a consultant giving us what we should be doing. One thing he wants
>> to do is set up 2 keyrings and maintain 2 keyrings on our server. All we are
>> doing is encrypting flat text files that contain sensitive info when they
>> are at rest. Then having a separate process to decrypt these files when they
>> are needed. What he wants us to do is this:
>> 1) Have a first keyring with our main key pair. The decrypt process will
>> access this keyring to do the decrypting.
>> 2) Have a second keyring with just the public key from the first keyring.
>> We'd then access this second keyring for our encryption process.
>> From everything I've read, I see that you can change your keyring from
>> gpg.conf file. Is it possible to change the keyring you want to use from
>> within the command line? I've tried using --keyring and
>> from the command line a bit without success.
> just a question...
> maybe i'm overlooking something
> what is the point of having 2 keyrings if both are readable by the same
> and if you have different users running the two processes, then just
> edit the corresponding ~/.gnupg/gpg.conf files to point to the
> corresponding keyrings
> (of course i could be overlooking something...)
Honestly, I don't fully understand the purpose either. Either way
you'll still need the passphrase to decrypt. But they wanted 2 keyrings. I'm
guessing just another level of obfuscation more than anything.
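
The split asked about above, sketched as an added example that is not part of the thread or of GnuPG's documentation: one home directory with the key pair for the decrypt process, a second with only the exported public key for the encrypt process. It assumes GnuPG 2.1 or later, where secret keys live inside the home directory, so it selects `--homedir` per process instead of `--keyring`; the key name, passphrase and directory layout are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GnuPG 2.1+; the key name,
# passphrase and directory layout below are constructed for the demo.
KEY_UID='files-at-rest@example.invalid'
DEMO_PASS='constructed-demo-passphrase'

# setup_keyrings BASE: BASE/decrypt gets the key pair, BASE/encrypt gets only
# the exported public key. In production each directory belongs to a different
# OS account (mode 700); if one account can read both, the split adds nothing.
setup_keyrings() {
    mkdir -p "$1/decrypt" "$1/encrypt" || return 1
    chmod 700 "$1/decrypt" "$1/encrypt" || return 1
    gpg --homedir "$1/decrypt" --batch --quiet --pinentry-mode loopback \
        --passphrase "$DEMO_PASS" --quick-generate-key "$KEY_UID" || return 1
    gpg --homedir "$1/decrypt" --batch --export "$KEY_UID" |
        gpg --homedir "$1/encrypt" --batch --quiet --import
}

# encrypt_file HOME IN OUT: needs only the public key. The imported key has no
# ownertrust in this home, so trust is asserted explicitly for the one key.
encrypt_file() {
    gpg --homedir "$1" --batch --quiet --yes --trust-model always \
        --recipient "$KEY_UID" --output "$3" --encrypt "$2"
}

# decrypt_file HOME IN OUT: succeeds only where the secret key is present.
decrypt_file() {
    gpg --homedir "$1" --batch --quiet --yes --pinentry-mode loopback \
        --passphrase "$DEMO_PASS" --output "$3" --decrypt "$2" 2>/dev/null
}

# has_secret_key HOME: exit status 0 if HOME holds the secret key.
has_secret_key() {
    gpg --homedir "$1" --batch --list-secret-keys "$KEY_UID" >/dev/null 2>&1
}

# stop_agents BASE: stop the gpg-agent started for each demo home.
stop_agents() {
    for d in "$1/decrypt" "$1/encrypt"; do
        gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
    done
}
```
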