Corporate use of gnupg

Hardeep Singh, Noida hardeeps at hcl.in
Tue Feb 19 14:39:38 CET 2008


Hi All

Isn't it pretty easy to have a script on the server (try to) decrypt each
email? If the email decrypts, fine; else do not allow the email to go
through. That will force people to retain the option in the conf file if
they want their message to reach.

Regards
Hardeep Singh
http://www.SeeingWithC.org/
 

-----Original Message-----
From: gnupg-users-bounces at gnupg.org
[mailto:gnupg-users-bounces at gnupg.org] On Behalf Of David Shaw
Sent: Tuesday, February 19, 2008 7:04 PM
To: gnupg-users at gnupg.org
Subject: Re: Corporate use of gnupg

On Fri, Feb 15, 2008 at 07:00:12PM -0800, Texaskilt wrote:
> 
> I guess what we are wanting is for every mail user to have their own 
> public/private key.  This way they can encrypt their own email on the 
> corporate system.
> 
> In addition, every email would also be encrypted using the "corporate key"
> that would be in the hands of a select few (supposedly).
> 
> For example, the sales force can send encrypted mail to each other, 
> but when a salesperson leaves the company, the Email Admin can 
> retrieve and decrypt the email so that the salesperson's replacement 
> can pick up their accounts without too much disruption.
> 
> Looks like this is ADK.  Is there any way to do this on gpg?

Yes.  Put "encrypt-to (the-adk-key)" in everyone's gpg.conf.

Of course, they could turn around and take it right out again.  Unless
you have pretty tight control over the environment, ADKs or encrypt-tos
are not foolproof (and that applies to both PGP and GPG).

As I said before, note that this isn't safe because of the crypto math.
It's "safe" because you can fire people who don't do it.

David
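
The gateway check suggested at the top of this message can also be done without placing the corporate private key on the mail server, by reading the recipient key IDs from the message's Public-Key Encrypted Session Key packets (RFC 4880). The sketch below is an added example, not code from anyone in this thread; the key IDs, `CORPORATE_SUBKEY_ID`, and the function names are constructed, and the input is assumed to be the binary (de-armored) message.

```python
# Added example: list the recipients of an OpenPGP message without any private key.
# Key IDs are constructed placeholders, not real keys.
CORPORATE_SUBKEY_ID = "1111222233334444"  # assumed: key ID of the corporate *encryption subkey*

def packets(data: bytes):
    """Yield (tag, body) per RFC 4880 section 4.2; stop at a streamed packet."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                n = first
            elif first < 224:
                n = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                n = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                return                          # partial body length
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                return                          # indeterminate length
            width = 1 << ltype
            n = int.from_bytes(data[i:i + width], "big"); i += width
        yield tag, data[i:i + n]
        i += n

def recipient_key_ids(data: bytes) -> list:
    """Key IDs from the leading session-key packets (tag 1, version 3)."""
    ids = []
    for tag, body in packets(data):
        if tag not in (1, 3):                   # session-key packets precede the encrypted data
            break
        if tag == 1 and len(body) >= 10 and body[0] == 3:
            ids.append(body[1:9].hex().upper())
    return ids

def gateway_verdict(data: bytes, corporate_id: str = CORPORATE_SUBKEY_ID) -> str:
    ids = recipient_key_ids(data)
    if corporate_id.upper() in ids:
        return "accept"
    if "0" * 16 in ids:                         # hidden recipient, e.g. gpg --throw-keyids
        return "reject: hidden recipient, cannot verify corporate key"
    return "reject: not encrypted to corporate key"

def sample(*key_ids: str) -> bytes:
    """Constructed message: one dummy PKESK per key ID, then a dummy encrypted-data packet."""
    pk = b"".join(b"\xc1\x0d\x03" + bytes.fromhex(k) + b"\x01\x00\x08\xaa" for k in key_ids)
    return pk + b"\xd2\x03\x01\xbe\xef"
```

A matching key ID only shows that the sender's software addressed a session-key packet to that key; it does not prove the packet decrypts, so the trial decryption described above remains the stronger test.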
