IT Department having the secure key.

> One possibility is to allow (require via policy?) users to encrypt
> data to a single central escrow key (that you store offline) in
> addition to any other keys they use. Then if recovery is required,
> the escrow key can be used to decrypt the data.

This sounds quite a bit like the Additional Decryption Key (ADK)
feature of PGP.  It's worth noting that (a) PGP's ADK feature is not
quite what people want to believe it is, and (b) is covered by a
software patent held by PGP Corporation.  If someone's interested in
pursuing this route, it would be a good idea to speak to a good patent
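The escrow-recipient idea from the quoted proposal, as an added example that is not part of this thread and not code from GnuPG or PGP Corporation: the data is encrypted once under a random session key, and that session key is then wrapped separately for every recipient plus the central escrow key, so recovery needs only the escrow key and no re-encryption of the data. To stay stdlib-only it models each recipient's key as a symmetric key-encryption key (KEK) instead of an OpenPGP public key, and uses a hash-based stream cipher with an HMAC tag in place of a real AEAD; the names `alice`, `escrow`, `ESCROW_ID`, the sample keys and the policy check `escrow_present` are all constructed for this illustration.

```python
import hashlib
import hmac
import os

# Constructed sample keys (derived from fixed strings so the example is reproducible).
ALICE_KEK = hashlib.sha256(b"constructed sample key: alice").digest()
ESCROW_KEK = hashlib.sha256(b"constructed sample key: escrow").digest()
ESCROW_ID = "escrow"  # hypothetical identifier of the offline escrow key


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from one KEK (illustrative KDF)."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from SHA-256; a stand-in for a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise on any mismatch (wrong key or tampering)."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def encrypt_for(plaintext: bytes, recipient_keks: dict, escrow_kek: bytes) -> dict:
    """Encrypt once under a fresh session key; wrap that key for every recipient
    and, by policy, for the escrow key as well. The escrow key itself stays offline;
    only wrapping to it happens here."""
    session_key = os.urandom(32)
    keks = dict(recipient_keks)
    keks[ESCROW_ID] = escrow_kek
    return {
        "wrapped_keys": {name: _seal(kek, session_key) for name, kek in keks.items()},
        "body": _seal(session_key, plaintext),
    }


def decrypt_as(message: dict, name: str, kek: bytes) -> bytes:
    """Unwrap the session key with one recipient's KEK, then decrypt the body."""
    session_key = _open(kek, message["wrapped_keys"][name])
    return _open(session_key, message["body"])


def escrow_present(message: dict) -> bool:
    """Policy check a gateway could apply: reject messages lacking the escrow wrap."""
    return ESCROW_ID in message["wrapped_keys"]


if __name__ == "__main__":
    msg = encrypt_for(b"quarterly numbers", {"alice": ALICE_KEK}, ESCROW_KEK)
    print("escrow wrap present:", escrow_present(msg))
    print("alice reads:", decrypt_as(msg, "alice", ALICE_KEK))
    print("escrow recovers:", decrypt_as(msg, ESCROW_ID, ESCROW_KEK))
```

The recovery path shown here is exactly why a single escrow key is cheap to add: the body is never re-encrypted, only one more wrapped copy of the session key travels with it. The same structure is also what makes the escrow key a high-value target, which is why the quoted proposal keeps it offline.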

