IT Department having the secure key.

Jim Hendrick jrhendri at
Mon Jul 27 13:52:05 CEST 2009

Although it is controversial, look into key escrow.

One possibility is to allow (require via policy?) users to encrypt data to a
single central escrow key (that you store offline) in addition to any other
keys they use. Then if recovery is required, the escrow key can be used to
decrypt the data.

The policies and procedures for use of this *must* be well defined up front.
How and under what circumstances this is used, etc. Otherwise you risk
losing the trust of your users.

One possibility is to encrypt the escrow private key, storing the passphrase
separately from the key so that two parties are required to recover data
(e.g. put the key on a CD or USB stick in one safe, put the passphrase in a
sealed envelope in a different safe).

Just thoughts.
-----Original Message-----
From: gnupg-users-bounces at [mailto:gnupg-users-bounces at]
On Behalf Of arcintl
Sent: Sunday, July 26, 2009 12:27 PM
To: gnupg-users at
Subject: IT Department having the secure key.

I wish to set up GnuPG for my work (I am the IT Administrator) but I have a
few questions.

First: if the user creates a key and then leaves the company, assuming
he/she didn't tell anyone the pass phrase and it was the only key used, are
those files locked for ever?

If this is so, my idea was that the IT department (i.e. me) creates the keys for
all my users and uses a completely random password for all, then backs up those
keys, then issues them to the user and allows them to change the pass phrase
to something they prefer. Then if the user leaves we can use the originally
backed up key with the original password to decrypt the files they

Will this work? I know it may sound like a security risk and ruin the whole
point of encrypting in the first place, but this is the only way I can think
of safeguarding the company's data (not users' data).

I also have another question.

If a user's key is compromised, i.e. someone knows their pass phrase, should
the user just change the pass phrase or should a new key be generated? And
if a new key is needed, will all the files that were encrypted with the old
key be in danger of being decrypted, or be totally useless without the old key?

Sorry if this has been answered before or is a dumb question. I am new to this.
Sent from the GnuPG - User mailing list archive at

Gnupg-users mailing list
Gnupg-users at

More information about the Gnupg-users mailing list
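The escrow-by-extra-recipient scheme Jim describes, worked through end to end with GnuPG as an added example that is not part of the thread. The identities, passphrases and the report file are constructed, and it assumes GnuPG 2.1 or later on the path; the "offline" machine and the two safes are modelled as separate throwaway keyrings and files.

```shell
#!/bin/sh
# Added example, not from the thread: the escrow pattern in the reply above,
# done with GnuPG. Files are encrypted to the user's key AND a central escrow
# key, so recovery uses the escrow secret key (safe 1) plus its passphrase
# (safe 2) and never the user's passphrase. Identities, passphrases and the
# file are constructed; every keyring is a throwaway temp dir.
set -eu

# gpg against a private homedir, fully non-interactive
g() { h=$1; shift; gpg --batch --quiet --yes --homedir "$h" --pinentry-mode loopback "$@"; }

run_escrow_demo() {
    W=$(mktemp -d)
    ESCROW_PASS='escrow-envelope-example'      # constructed
    USER_PASS='alice-own-passphrase-example'   # constructed; Alice may change it later
    for d in offline user recover; do mkdir -m 700 "$W/$d"; done

    # 1. Offline machine: generate the escrow key and split it into two artefacts
    g "$W/offline" --passphrase "$ESCROW_PASS" \
        --quick-generate-key 'Escrow <escrow@example.invalid>' default default never
    g "$W/offline" --armor --export escrow@example.invalid > "$W/escrow-public.asc"
    g "$W/offline" --passphrase "$ESCROW_PASS" --armor \
        --export-secret-keys escrow@example.invalid > "$W/escrow-secret.asc"  # USB stick, safe 1
    printf '%s\n' "$ESCROW_PASS" > "$W/escrow-envelope.txt"                    # sealed envelope, safe 2
    FPR=$(g "$W/offline" --with-colons --list-keys escrow@example.invalid |
          awk -F: '$1=="fpr"{print $10; exit}')

    # 2. User's workstation: own key, plus the escrow key pinned by fingerprint as a
    #    mandatory extra recipient in gpg.conf (this is the "require via policy" part)
    g "$W/user" --passphrase "$USER_PASS" \
        --quick-generate-key 'Alice <alice@example.invalid>' default default never
    g "$W/user" --import "$W/escrow-public.asc"
    printf 'encrypt-to %s\n' "$FPR" >> "$W/user/gpg.conf"
    printf 'quarterly figures\n' > "$W/report.txt"
    g "$W/user" --encrypt -r alice@example.invalid -o "$W/report.gpg" "$W/report.txt"

    # 3. Alice has left: bring both escrow artefacts together on a clean keyring
    ENVELOPE=$(cat "$W/escrow-envelope.txt")
    g "$W/recover" --passphrase "$ENVELOPE" --import "$W/escrow-secret.asc"
    g "$W/recover" --passphrase "$ENVELOPE" --decrypt -o "$W/recovered.txt" "$W/report.gpg"
    cat "$W/recovered.txt"

    for d in offline user recover; do gpgconf --homedir "$W/$d" --kill gpg-agent || true; done
    rm -rf "$W"
}

if command -v gpg >/dev/null 2>&1; then run_escrow_demo; else echo 'gpg not installed' >&2; fi
```

Because `encrypt-to` adds the escrow key only when another recipient is given, a user who encrypts normally cannot forget the escrow copy, and because the keyring holding the escrow secret key never exists on the user's machine, a compromised workstation gives up nothing about the escrow key.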