Questions about "--group" for group encryptions.

Grant Olson kgo at grant-olson.net
Thu Feb 25 00:30:16 CET 2010


On 2/24/2010 3:33 PM, Zy Zylek wrote:
>
> RE: "Group Key" again:
> While it's possible to use a shared group key, which allows for everyone
> to encrypt/decrypt with that group keypair, is it possible to increase
> the security (at least a little) - to prevent just anyone from getting
> the group keypair - by requiring one specific user (or one user's
> individual keypair) to serve as a means of authentication for permitting
> a new person to receive that shared group keypair?
>

Ultimately, that's a trust issue.  You have to trust people to behave
properly.  If they can access the key, or the unencrypted files, they
can copy them somewhere.  Some sort of token authentication, like a
smart card, or (not for gpg) a SecurID card, makes it harder for people
to cheat and hand their password out.

>
> I'm not sure I understand your question. In the literal sense, yes. This
> might help a little:
>
> User A is group admin, she has file 1, she encrypts it for the group.
> Any user with access to group-encrypted files can decrypt file 1.
>
> User B has file 2, she encrypts it for the group.
> Any user with access to group-encrypted files can decrypt file 2.
>
> User C has file 3, she encrypts it for the group.
> Any user with access to group-encrypted files can decrypt file 3.
>
> User A removes User B from the group, "B" can no longer encrypt/decrypt.
> User B has no access to group-encrypted files (old: 1, 2, 3, or new: 4+).
>
> User A adds User D to the group, "D" has access to group-encrypted files.
> User D has access to group-encrypted files (old: 1, 2, 3, or new: 4+).
>
> User D has file 4, she encrypts it for the group.
> Any user with access to group-encrypted files can decrypt file 4.
>

How are users exchanging files?  It almost sounds like what you really
want is some sort of secured file share that you can control via an
Access Control List.  Something like Samba, NFS, scp, WebDAV...  Yes,
users could copy the unencrypted contents somewhere, but they could do
the same with gpg.

If they need to use the files offline and on the road, and that's why
you need encryption, you could store them on an encrypted filesystem
locally with something like TrueCrypt or LUKS or BitLocker.  When you
kill access to the share, they can't get any more updates.  Sure, they
might be able to grab the old data and copy it somewhere, if you can't
revoke their access to (for example) a laptop, but they could have
already done that before you killed the access.
