One Private Key for several users
kiblema at gmail.com
Mon Apr 22 15:43:54 CEST 2013
Thank you all very much.
I'll follow the way from NdK. If it does not work, then I set a right for users
to the folder with decrypted files. But to decrypt the files, there is one
account with which the priv-key is created and with which they log in to
the virtual machine (win2008) to decrypt files. I do not see any other
solution, do you?
On Mon, Apr 22, 2013 at 2:41 PM, Henry Hertz Hobbit <
hhhobbit at securemecca.net> wrote:
> On 04/22/2013 11:52 AM, Peter Lebbing wrote:
> > On 22/04/13 12:44, Henry Hertz Hobbit wrote:
> >> I just copy my whole key ring (contents of ~/.gnupg folder on Linux)
> >> among my multiple OS with the random_seed file modified with hexedit
> >> and the 0-9 & A-F modified with no plan (pure serendipity)
> > I consider this bad advice; just don't copy the random_seed file and let
> > the system generate its own.
> They are on Windows. I tried not copying random_seed and
> PGP4Win never generated a new random_seed file for me. Maybe
> GnuPG for Windows uses something else?
> > I also don't really see how it relates to OP's question.
> They wanted to know if they could have several people sharing
> the same secret (private) key. I don't think it is practical.
> Actually they are on a fishing expedition to find what will
> work best and don't seem to know how to ask for it.
> OTOH, if what they are searching for is a way that the files
> are encrypted but once the person is removed from the group
> (leaves the company etc.) there is no elegant solution. You
> would need a separate publicly encrypted file for each person
> and they would still have all of the previous decrypted files
> even after they were removed from the group. Again, it is
> not a practical solution. If it is required by regulations
> (doubtful) that may be the best you can do.
> IMHO, NdK's response is best. Use Windows ACL to control who
> has what. I THINK that is what they are looking for anyway.
> They just want to control who has access to the files and how
> long they can have access. On 'nix machines this could be done
> with a group. If you are not in the ACL or group list, then
> you have no legitimate access to the files. Immediately remove
> those people that no longer need access from the ACL or group.
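The ACL approach discussed in this thread, sketched as an added example that is not part of any poster's message: one account holds the private key and writes the decrypted files, and a local group controls who may read them. The folder path, group name, account name and user names are assumptions made up for illustration.

```powershell
# Added example, not from the thread. Assumed names (all hypothetical):
$Folder    = 'D:\Decrypted'       # folder where the decrypting account writes plaintext
$Readers   = 'DecryptedReaders'   # local group of people allowed to read it
$DecryptId = 'gpgdecrypt'         # the single account that holds the private key

# Run a native tool and stop on a non-zero exit code instead of continuing silently.
function Invoke-Checked {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe $Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe $Arguments failed with exit code $LASTEXITCODE" }
}

function Initialize-DecryptedFolder {
    Invoke-Checked net @('localgroup', $Readers, '/add')
    # Grant the explicit entries first, then drop inherited ones, so the
    # administrator running this never locks themselves out in between.
    Invoke-Checked icacls @($Folder, '/grant:r',
        'BUILTIN\Administrators:(OI)(CI)F',
        'NT AUTHORITY\SYSTEM:(OI)(CI)F',
        "${DecryptId}:(OI)(CI)M",      # decrypting account: modify
        "${Readers}:(OI)(CI)RX")       # everyone else: read only, via the group
    Invoke-Checked icacls @($Folder, '/inheritance:r')
}

function Grant-Reader {
    param([string]$User)
    Invoke-Checked net @('localgroup', $Readers, $User, '/add')
}

function Revoke-Reader {
    param([string]$User)
    Invoke-Checked net @('localgroup', $Readers, $User, '/delete')
    # Group membership is evaluated at logon: a session that is already open
    # keeps access until the user logs off. Files copied earlier stay copied.
    Write-Warning "$User removed from $Readers; log off any open sessions of this user."
}

function Show-Access {
    icacls $Folder          # effective ACL on the folder
    net localgroup $Readers # current members of the readers group
}

# Constructed usage: set up once, add two readers, then remove one who left.
Initialize-DecryptedFolder
Grant-Reader 'alice'
Grant-Reader 'bob'
Revoke-Reader 'bob'
Show-Access
```

Run it from an elevated prompt on the machine that stores the decrypted files. Individual users are never granted rights on the folder directly, so revocation is a single group change.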