trust your corporation for keyowner identification?

Johan Wevers johanw at
Thu Oct 17 15:07:54 CEST 2013

On 17-10-2013 12:37, Brian J. Murrell wrote:

>> If the key was generated, stored, or used on the company's computer,
>> all bets are off regarding Bob being the only one with access to a
>> copy.

> Why would it be?  There is no reason, with this verification scheme that
> anyone's private keys (or public keys for that matter) go anywhere near
> the company's computer.

Yes there is: the practical point of using those keys. Why would a HR
department sign employees keys? I assume to have the employee use it in
encrypted communications with collegues / customers / whoever. To do
that, the key needs to be on a company computer in most cases. There are
exceptions of cource (like working at home on your own hardware) but
they are not the norm so I wouldn't blindly assume that to be the case.

ir. J.C.A. Wevers
PGP/GPG public keys at

More information about the Gnupg-users mailing list