How to establish a company web-of-trust

Karl Voit devnull at Karl-Voit.at
Mon Mar 17 17:23:39 CET 2008


* Karl Voit <devnull at Karl-Voit.at> wrote:
>
> I want to establish secure email communication in our company
> (Windows, Outlook, gpg4win). I do not want to maintain a keyserver
> by myself.
>
> My attempt: every employee generates his own keypair and exports the
> public key to a keyserver. I as the admin download his key from the
> server, compare the ID with the employee and sign the key with the
> "central company key".
>
> Any communication partner can check, whether the key of the employee
> was signed by our official "company key" which is downloadable from
> our web site.
>
> So far so good - I think.
>
> But: what if an employee quits the company? Can I revoke the
> signature? WinPT (as a key management frontend) does not seem to
> provide this feature.

I just found out that WinPT does not provide all options that gpg
(command line version) provides :-(

So my current attempt is: the employee has to add the company key as
a revoker and then export it to the keyserver. So the company key is
able to revoke any employee's key.

This seems to be a clean attempt for me now.

Any suggestions?

-- 
Karl Voit
                                                    [X] expressive subjects NOW!
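
A check for the scheme discussed above, added here as an example and not part of the original post: it reads `gpg --with-colons --list-sigs` output and reports, per key, whether the company key is named as designated revoker (`rvk` record) and whether an unrevoked company certification is present. The fingerprints, key IDs, sample listing and the function name `audit` are constructed for illustration.

```python
# Constructed sample of `gpg --with-colons --list-sigs` output.
# All key IDs, fingerprints and addresses are made up.
COMPANY_FPR = "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"
SAMPLE = """\
pub:u:2048:1:1111222233334444:1205770000:::u:::scESC:
fpr:::::::::0000000000000000000000001111222233334444:
rvk:::1::::::AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555:80:
uid:u::::1205770000::HASH1::Alice Example <alice@example.com>:
sig:::1:1111222233334444:1205770000::::Alice Example <alice@example.com>:13x:
sig:::1:DDDD4444EEEE5555:1205780000::::Company Key <ca@example.com>:10x:
pub:u:2048:1:5555666677778888:1205770000:::u:::scESC:
fpr:::::::::0000000000000000000000005555666677778888:
uid:u::::1205770000::HASH2::Bob Example <bob@example.com>:
sig:::1:5555666677778888:1205770000::::Bob Example <bob@example.com>:13x:
sig:::1:DDDD4444EEEE5555:1205780000::::Company Key <ca@example.com>:10x:
rev:::1:DDDD4444EEEE5555:1205790000::::Company Key <ca@example.com>:30x:
"""

CERT_CLASSES = {"10", "11", "12", "13"}    # OpenPGP certification signatures


def audit(colons_text, company_fpr):
    """Map each primary key ID to whether it names the company key as
    designated revoker and carries an unrevoked company certification."""
    company_fpr = company_fpr.upper()
    company_keyid = company_fpr[-16:]      # long key ID of a v4 key
    keys, cur = {}, None
    for line in colons_text.splitlines():
        f = line.split(":") + [""] * 12    # pad short records
        rec, signer, fpr, sigclass = f[0], f[4].upper(), f[9].upper(), f[10][:2]
        if rec == "pub":                   # field 5 of pub is the key ID
            cur = keys[signer] = {"revoker": False, "sig": False, "rev": False}
        elif cur is None:
            continue
        elif rec == "rvk" and fpr == company_fpr:
            cur["revoker"] = True
        elif rec == "sig" and signer == company_keyid and sigclass in CERT_CLASSES:
            cur["sig"] = True
        elif rec == "rev" and signer == company_keyid and sigclass == "30":
            cur["rev"] = True
    # Simplification: any company certification revocation on the key
    # counts as "not certified", even if the key was re-signed later.
    return {kid: {"revoker": k["revoker"], "certified": k["sig"] and not k["rev"]}
            for kid, k in keys.items()}


if __name__ == "__main__":
    for keyid, status in audit(SAMPLE, COMPANY_FPR).items():
        print(keyid, status)
```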




More information about the Gnupg-users mailing list