IT Department having the secure key.

Ingo Krabbe ingo.krabbe at eoa.de
Mon Jul 27 12:33:17 CEST 2009 

On Mon, Jul 27, 2009 at 02:25:05AM -0700, arcintl wrote:
> 
> i wish to setup GNUpg for my work (i am the IT Administrator) but i have a
> few questions.

good idea

> 
> First: if the user creates a key and then leaves the company. assuming
> he/she didnt tell anyone the pass phrase and was the only key used, are
> those files locked for ever?

Actually those files aren't locked but possibly encrypted, which is most times
even better than deleting them.  So noone will have access to them who doesn't
own the key.

> if this is so my idea was the IT department (i.e. me) create the keys for
> all my users and use a complete random password for all, then backup those
> keys. then issue them to the user and allow them to change the pass phrase
> to something they prefer. then if the user leaves we can use the originally
> backed up key with the original password to decrypt the files they
> encrypted.

You have to distinguish two or three things:

1. Passwords and keys.  When you use asymmetric encryption, you don't need a
password to decrypt a file, but you need the key (that is actually nothing else
then quite a long password) but: The password or the key that encrypted the file
is another one then you need to decrypt it (asymmetric)
2. You could store the same key multiple times, secured by different passwords,
or even without a password at all.  Everyone who has access to the key and the
password to use the key (ofc) can decrypt the data.
3. GnuPG is a distributed system in contrast to SSL Ciphers, that are
assymmetric as well but need a centralized keyserver to prove the validity of
the key.

> will this work? i know it may sound like a security risk and ruin the whole
> point of encrypting in the first place but this is the only way i can think
> of safe gaurding the companies data (not users data).

You should think twice, and then again, of how you store and distribute the keys
and how you secure them.  Finally you will get maximum security from GnuPG: But,
as long as you aren't 100% sure what you are doing: Have a backup.

For example the problem is: If you create the keys for your users, you will have
to transfer them to the users, which makes a bit of unsureness of who listens on
the transfer lines.
And: You can only encrypt the files for one key.  So only one user will have
access to the files (owns the files), as long as you don't share the keys.  For
example you can introduce company wide keys or deparmtement keys and distribute
them to anyone, who should have access.

> Also have another question.
> 
> if a users key is compromised i.e. someone knows their pass phrase. should
> the user just change the pass phrase or should a new key be generated? and
> if a new key is needed will all the files that were encrypted with the old
> key be in danger of be decrypted or be totally useless without the old key?

Right.  Assumed that you use one key for a group of users and encrypt the file
with this key, if anyone can get access to this key stored for any user, he will
get access to the encrypted files.  But you need to have access to both: The key
file and the password.  It's like a banking card and the PIN number.  If you own
just one of them, you don't have access to the account.  But if you can copy the
bank card and you can crack the pin you will have access.

> Sorry if this has been answered before or a dumb question. i am new to this
> stuff.

I hope I could push you somewhat forward with your questions.

bye, ikrabbe

More information about the Gnupg-users mailing list