One Private Key for several users

Henry Hertz Hobbit hhhobbit at securemecca.net
Mon Apr 22 14:41:11 CEST 2013


On 04/22/2013 11:52 AM, Peter Lebbing wrote:
> On 22/04/13 12:44, Henry Hertz Hobbit wrote:
>> I just copy my whole key ring (contents of ~/.gnupg folder on Linux)
>> among my multiple OS with the random_seed file modified with hexedit
>> and the 0-9 & A-F modified with no plan (pure serendipity)
> 
> I consider this bad advice; just don't copy the random_seed file and let each
> system generate its own.

They are on Windows.  I tried not copying random_seed and
PGP4Win never generated a new random_seed file for me.  Maybe
GnuPG for Windows uses something else?

> I also don't really see how it relates to OP's question.

They wanted to know if they could have several people sharing
the same secret (private) key.  I don't think it is practical.
Actually they are on a fishing expedition to find what will
work best and don't seem to know how to ask for it.

OTOH, if what they are searching for is a way that the files
are encrypted but once the person is removed from the group
(leaves the company etc.) there is no elegant solution.  You
would need a separate publicly encrypted file for each person
and they would still have all of the previous decrypted files
even after they were removed from the group.  Again, it is
not a practical solution.  If it is required by regulations
(doubtful) that may be the best you can do.

IMHO, NdK's response is best.  Use Windows ACL to control who
has what.  I THINK that is what they are looking for anyway.
They just want to control who has access to the files and how
long they can have access.  On 'nix machines this could be done
with a group.  If you are not in the ACL or group list, then
you have no legitimate access to the files. Immediately remove
those people that no longer need access from the ACL or group.

HHH