Question regarding shared keys

vedaal at nym.hush.com
Mon Feb 28 15:29:27 CET 2011


>Date: Mon, 28 Feb 2011 08:07:03 +0100
>From: "Denise Schmid" <Chinatinte at gmx.ch>
>To: gnupg-users at gnupg.org
>Subject: Re: Question regarding shared keys
>Message-ID: <20110228070703.164560 at gmx.net>
>Content-Type: text/plain; charset="utf-8"

>Does this mean that, if you want to encrypt 
>a file, everybody has to use his/her key? 

No.

The 'shared' key is only the secret key. Anyone (even someone who 
has no share at all, i.e. an outside client of the company) can 
encrypt to the public key.


>The background of my 
>question is that a company claims that one of their managers has 
>forgotten the key and therefore, they can't decrypt some files.

Possible.

Usually though, 'shared' keys are used for 'signing' documents, 
proposals, orders, instructions, etc. that require a majority of 
the governing board, and the shares are set to that number of the 
majority required to pass the vote. 

It's less likely that ordinary documents or client files need 
decryption by a shared secret key, but it is possible if the company 
wanted an 'excuse' to not decrypt the files, and intentionally did 
it this way.

If it were an 'excuse' though, and they really do need access to 
the files, then it's probably encrypted somewhere else too, where 
they 'can' decrypt, or there are some 'shares' stored away 
somewhere ...

If you're lucky, and they happened to sign anything with the shared 
key after the time they claimed not to be able to reconstruct the 
key, then you caught them.


vedaal
