IT Department having the secure key.
Faramir
faramir.cl at gmail.com
Mon Jul 27 19:50:11 CEST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
arcintl escribió:
...
> First: if the user creates a key and then leaves the company. assuming
> he/she didnt tell anyone the pass phrase and was the only key used, are
> those files locked for ever?
Right, without access to the secret key, it is not possible to decrypt
the files.
> if this is so my idea was the IT department (i.e. me) create the keys for
> all my users and use a complete random password for all, then backup those
> keys. then issue them to the user and allow them to change the pass phrase
> to something they prefer. then if the user leaves we can use the originally
> backed up key with the original password to decrypt the files they
> encrypted.
I think that is called key escrow. To prevent abuse on the backup,
maybe you can keep it encrypted with symmetric encryption, and maybe use
a secret sharing scheme, like Shamir's Secret Sharing Scheme
Take a look at http://point-at-infinity.org/ssss/ and at
http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing
> will this work? i know it may sound like a security risk and ruin the whole
> point of encrypting in the first place but this is the only way i can think
> of safe gaurding the companies data (not users data).
Well, I think while the backup is stored safely, it would not be too
risky... but what if the one knowing the passphrase of the backup leaves
the company? That's why I suggested using something like SSSS.
> Also have another question.
>
> if a users key is compromised i.e. someone knows their pass phrase. should
> the user just change the pass phrase or should a new key be generated? and
> if a new key is needed will all the files that were encrypted with the old
> key be in danger of be decrypted or be totally useless without the old key?
I think (but I may be wrong) that it is suggested to revoke the key
and generate a new one, just in case.
By the way, it is a good idea to don't delete revoked keys, they will
be needed to decrypt files (or messages) encrypted to that old key...
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBCAAGBQJKbejTAAoJEMV4f6PvczxAEzEH/3loCsEgj053rh7dczJ6Anpl
rVM8hRjbYuRReCbUx7KUrMyXJ3I5uB3I2k3xOE3a0q0VnGgdsG7IAxqdJrJLk+w/
gJBbk+y+3lCGoQu+McbMUwu00e5zQ5uRWGReeuyqCTOrQgFo1I5qzG0hC0L5UAw8
wu0SM5u4fhX7YTnrKOyK3Z5yE3LXWI5C0UT4CL9wJoVeYqPdYVuLyduRKRUdegUj
/5aBUSiMnq4QLeQfxlLu4DO8MWL5cd9VyiY7loBxNKklhInhWfmclm1UebuRJzj/
mMM2uVjBBzaLQ7HJKvPSGwoLcZ+bJjlUdtDxPHgPY3TTjIxiokRtgA/sBKPbDc0=
=wwTp
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list