Corporate use of gnupg
Texaskilt
texaskilt at yahoo.com
Sat Feb 16 04:00:12 CET 2008
I guess what we are wanting is for every mail user to have their own
public/private key. This way they can encrypt their own email on the
corporate system.
In addition, every email would also be encrypted using the "corporate key"
that would be in the hands of a select few (supposedly).
For example, the sales force can send encrypted mail to each other, but when
a salesperson leaves the company, the Email Admin can retreive and decrypt
the email so that the salesperson's replacement can pick up their accounts
without too much disruption.
Looks like this is ADK. Is there any way to do this on gpg?
Thanks,
TK
David Shaw wrote:
>
> On Wed, Feb 06, 2008 at 11:35:14AM -0800, Texaskilt wrote:
>>
>> Apologies if this has already been asked. Honestly, I did my homework
>> and
>> looked in the archives!
>>
>> I am wanting to setup up users to use GnuPG for encrypting email, mainly
>> for
>> internal e-mail.
>>
>> Unfortunately, the "powers-that-be" want everyone that encrypts an email
>> to
>> also encrypt it to the "corporate secret key". Their reasoning is that
>> if a
>> person leaves, they want to have access to the old emails in case there
>> is a
>> "business critical" email in there.
>
> This is essentially the rationale behind the "ADK" (additional
> decryption key) feature of PGP.
>
>> Is there a way to "force" users to encrypt to a corporate key, in
>> addition
>> to the receipient's key?
>
> It depends on how strong the term "force" is. Even in PGP, the ADK
> system can be circumvented if the person tries hard enough.
>
> If you trust your employees to not hack you, then you can just stick a
> "encrypt-to (the keyid)" in everyone's gpg.conf file and give everyone
> a copy of the corporate public key.
>
> Note that this isn't safe because of the crypto math. It's "safe"
> because you can fire people that don't do it ;)
>
> David
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
--
View this message in context: http://www.nabble.com/Corporate-use-of-gnupg-tp15312177p15514362.html
Sent from the GnuPG - User mailing list archive at Nabble.com.
More information about the Gnupg-users
mailing list