One Private Key for several users
ndk.clanbo at gmail.com
Mon Apr 22 11:17:04 CEST 2013
Il 22/04/2013 09:28, Lema KB ha scritto:
> Is there any other way of using one and the same private-key by several
> users, except exporting the priv-key?
> We are decrypting some csv-files on a virtual machine. and it's for us not
> so appropriate to share private-key through exporting. maybe there is a way
> out, like giving/taking the right to/from the group of windows users to
> decrypt the files.
Crypto doesn't work this way.
The easiest (most versatile, less secure) solution: decrypt the files
and leverage win's ACL system to make 'em readable only by the right group.
The PGP-way of doing things (not easy but secure): treat the files as
mails to multiple recipients. Session key is re-encrypted with the
public key of every recipient. When you want to add a new user that can
read old files, you have to add him as a recipient. If you want to
revoke access, you have to delete the encoding of the session key under
his public key. For every file. And for every added/deleted user.
As you can see, the secure way is mostly "static": doesn't like changes
in who can read files. The other is much less secure but much more
"versatile" (no need to change old files when staff changes).
More information about the Gnupg-users