One Private Key for several users

Henry Hertz Hobbit hhhobbit at securemecca.net
Mon Apr 22 12:44:22 CEST 2013


On 04/22/2013 07:28 AM, Lema KB wrote:
> Hi all
> 
> Is there any other way of using one and the same private-key by several
> users, except exporting the priv-key?
> We are decrypting some csv-files on a virtual machine, and it's for us not
> so appropriate to share private-key through exporting. maybe there is a way
> out, like giving/taking the right to/from the group of windows users to
> decrypt the files.
> 
> If someone knows from you, would be very thankful. Any help is also
> appreciated.

It kind of depends on whether or not you want to use symmetric ciphers
or public-key ciphers.  For symmetric ciphers you can all have your
own private / public key pair.  You could even use 7-Zip unless it
is precluded by regulations.  AES-128 with a great password is usually
more than adequate for many but by no means ALL purposes.  But a
symmetric enciphered file can be deciphered by anyone if they know
the password and have the software to decipher the file.

But if you are using email and public key encryption, when you
encipher the message to send to multiple people, Enigmail in
Thunderbird and whatever is used in Claws Mail encrypts a separate
copy for everybody using EACH PERSON'S public key.

I just copy my whole key ring (contents of ~/.gnupg folder on Linux)
among my multiple OS with the random_seed file modified with hexedit
and the 0-9 & A-F modified with no plan (pure serendipity) so each of
them has a different random_seed file. There are no guarantees whether
or not that 'F' is going to be replaced by yet another 'F' or any
scheme at all of which nibble gets modified or not.  So each of my
keyrings has its own random_seed file.  ALL of my OS are 32 bit LE
versions even if 64 bit is available.  The two Linux systems have
ways of using all of the 7 GB and 12 GB of RAM (e.g. PAE for
Ubuntu) available.  I rarely use Windows but have two Windows
7 OS.

You can get hexedit (binary) editors for Windows.

But if you have even mixed 32 bit LE and 64 bit LE that approach
will most likely NOT work (not tried, no proof, copying strongly
discouraged).  Ditto for BE (Macintosh Power PC, et al - copying
is IMPOSSIBLE).  You need to export / import under those conditions.
Just be sure to erase the files copied with a pretty strong eraser
for ALL of these files being transferred around, especially the
priv key export files.  I use the included AES-128 symmetric cipher
in 7-Zip for the transfer for anything copied to a flash drive.
You cannot use OpenPGP to do it because you have a chicken versus
egg problem; you are transferring what needs to be on the other
end to get it unpacked.

I apologize if there is a more elegant or better answer.  Does that
answer your question or were you asking something else?

HHH
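
Added example (not part of the original message): a shell sketch of the public-key route mentioned above, where a CSV file is encrypted to each user's own public key so that no private key is exported or shared. It assumes GnuPG 2.2 or later on the PATH; the users alice and bob, the example.test addresses, the helper names and the CSV contents are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo: alice and bob (hypothetical users) each keep their own
# private key; a file encrypted to both public keys is readable by either.
set -eu

g() {  # g <homedir> <gpg args...>: non-interactive gpg on one user's keyring
  local home=$1; shift
  gpg --homedir "$home" --batch --quiet --no-tty \
      --pinentry-mode loopback --passphrase '' "$@"
}

multi_recipient_demo() {
  local work u plain rc
  rc=0
  work=$(mktemp -d)
  plain=$(printf 'id,amount\n1,100\n2,250')   # constructed sample CSV
  for u in alice bob sender; do mkdir -m 700 "$work/$u"; done

  # Each user creates a key pair in their own keyring. The empty passphrase
  # is for this throwaway demo only; real keys should be protected.
  for u in alice bob; do
    g "$work/$u" --quick-generate-key "$u@example.test"
    # Only the public key ever leaves the user's keyring.
    g "$work/$u" --export "$u@example.test" | g "$work/sender" --import
  done

  printf '%s\n' "$plain" > "$work/data.csv"
  # --trust-model always skips key validation, acceptable only in a demo.
  g "$work/sender" --trust-model always --encrypt \
    -r alice@example.test -r bob@example.test \
    --output "$work/data.csv.gpg" "$work/data.csv"

  # Each user decrypts the same file with their own private key.
  for u in alice bob; do
    [ "$(g "$work/$u" --decrypt "$work/data.csv.gpg" 2>/dev/null)" = "$plain" ] || rc=1
  done

  # Stop the per-keyring agents and remove the throwaway keys.
  for u in alice bob sender; do
    gpgconf --homedir "$work/$u" --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$work"
  return "$rc"
}
```

Removing a user's access later means re-encrypting future files without that recipient; files already encrypted to their key stay readable by them.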

