Corporate use of gnupg
dshaw at jabberwocky.com
Tue Feb 19 14:33:55 CET 2008
On Fri, Feb 15, 2008 at 07:00:12PM -0800, Texaskilt wrote:
> I guess what we are wanting is for every mail user to have their own
> public/private key. This way they can encrypt their own email on the
> corporate system.
> In addition, every email would also be encrypted using the "corporate key"
> that would be in the hands of a select few (supposedly).
> For example, the sales force can send encrypted mail to each other, but when
> a salesperson leaves the company, the Email Admin can retreive and decrypt
> the email so that the salesperson's replacement can pick up their accounts
> without too much disruption.
> Looks like this is ADK. Is there any way to do this on gpg?
Yes. Put "encrypt-to (the-adk-key)" in everyone's gpg.conf.
Of course, they could turn around and take it right out again. Unless
you have pretty tight control over the environment, ADKs or
encrypt-tos are not foolproof (and that applies to both PGP and GPG).
As I said before, note that this isn't safe because of the crypto
math. It's "safe" because you can fire people who don't do it.
More information about the Gnupg-users