One Private Key for several users

Lema KB kiblema at gmail.com
Mon Apr 22 15:43:54 CEST 2013


Thank you all very much.

I'll follow the way from NdK. If it does not work, then I will set a right for users
to the folder with decrypted files. But to decrypt the files, there is one
account with which the priv-key is created and with which they log in to the
virtual machine (win2008) to decrypt files. I do not see any other
solution, do you?

best regards,
newtogpg


On Mon, Apr 22, 2013 at 2:41 PM, Henry Hertz Hobbit <hhhobbit at securemecca.net> wrote:

> On 04/22/2013 11:52 AM, Peter Lebbing wrote:
> > On 22/04/13 12:44, Henry Hertz Hobbit wrote:
> >> I just copy my whole key ring (contents of ~/.gnupg folder on Linux)
> >> among my multiple OS with the random_seed file modified with hexedit
> >> and the 0-9 & A-F modified with no plan (pure serendipity)
> >
> > I consider this bad advice; just don't copy the random_seed file and let
> > each system generate its own.
>
> They are on Windows.  I tried not copying random_seed and
> PGP4Win never generated a new random_seed file for me.  Maybe
> GnuPG for Windows uses something else?
>
> > I also don't really see how it relates to OP's question.
>
> They wanted to know if they could have several people sharing
> the same secret (private) key.  I don't think it is practical.
> Actually they are on a fishing expedition to find what will
> work best and don't seem to know how to ask for it.
>
> OTOH, if what they are searching for is a way that the files
> are encrypted but once the person is removed from the group
> (leaves the company etc.) there is no elegant solution.  You
> would need a separate publicly encrypted file for each person
> and they would still have all of the previous decrypted files
> even after they were removed from the group.  Again, it is
> not a practical solution.  If it is required by regulations
> (doubtful) that may be the best you can do.
>
> IMHO, NdK's response is best.  Use Windows ACL to control who
> has what.  I THINK that is what they are looking for anyway.
> They just want to control who has access to the files and how
> long they can have access.  On 'nix machines this could be done
> with a group.  If you are not in the ACL or group list, then
> you have no legitimate access to the files. Immediately remove
> those people that no longer need access from the ACL or group.
>
> HHH