Optimal Corporate GnuPG Use (Was: [Enigmail] Multiple email addresses)

Allen Schultz allen.schultz at gmail.com
Wed Jul 22 20:43:04 CEST 2009 

Phil Stracchino wrote:
> Taistealaiche wrote:
>> Hi,
>> I'm not sure if these questions belong on this list so please inform
>> me if I'm wrong.
> 
> They're really PGP/GnuPG/OpenPGP questions, not Enigmail questions.
> 
>> 1) Is it possible, in the case of an organisation, to have one Public
>> Key which can be tied to several different email addreses?
> 
> Yes, trivially.  Though I'm not entirely certain why you would want to
> do such a thing.
> 
>> 2) If the above is possible, is it also possible for each email
>> address to have a separate passphrase for that key?
> 
> Yes.  Though I'm not certain why you would want to do such a thing.
> 
>> 3) If both of the above are possible, could someone very kindly
>> explain how to do it?
> 
> It's really quite simple.  Create the key as you normally would,
> distribute it to the people you intent to have it, then have each holder
> use the normal key management tools to change the key passphrase on it
> from the original passphrase to their own chosen passphrase.
> 
> Though, as noted above, I'm not certain why you would want to do such a
> thing, and don't see what you could gain by it.

First, I do apologize for the cross posting, but this came up in the
enigmail mailing group. It's off topic there, so I'll ask my question
here. Second, I do apologize for not trimming this message, as this hold
his original questions/situation info.

For this user's situation, would it be better to have each individual
have their own key signed by a company root key? Or is there another
model best suited for his needs?

-- 
Allen Schultz <Allen.Schultz at gmail.com>
GPG Key Info:
pub   3072R/DAD4736B 2009-05-20
      Key fingerprint = 16AD EFE1 D68F C8A8 B086  68CD 1A35 85C7 DAD4 736B
uid                  Allen Schultz (aldaek) <allen.schultz at gmail.com>
uid                  [jpeg image of size 6128]
sub   2048R/F55651E0 2009-05-20 [expires: 2010-05-20]
sub   2048R/5687B83E 2009-05-20 [expires: 2010-05-20]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: allen_schultz.vcf
Type: text/x-vcard
Size: 589 bytes
Desc: not available
URL: </pipermail/attachments/20090722/b4867574/attachment.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 551 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090722/b4867574/attachment.pgp>

More information about the Gnupg-users mailing list