how to do

J. David Boyd jdavidboyd at adboyd.com
Thu Jul 10 15:13:30 CEST 2014


"Paul R. Ramer" <free10pro at gmail.com> writes:

> On July 9, 2014 11:40:06 AM PDT, MFPA <2014-667rhzu3dc-lists-groups at riseup.net> wrote:
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA512
>>
>>Hi
>>
>>
>>On Wednesday 9 July 2014 at 5:54:36 PM, in
>><mid:3222188.kZ1ztGDBqg at inno>, Hauke Laging wrote:
>>
>>
>>> On Tue 08.07.2014, 14:41:36, J. David Boyd wrote:
>>>> which means that any of them can make changes to your
>>>> keys.
>>
>>> And that is wrong.
>>
>>Please can you elaborate on how it is incorrect to say that somebody
>>who knows the passphrase to a secret key can make changes to that key.
>>Would this maybe be the case when using an encryption subkey with an
>>offline main key?
>
> If you make encryption and signing subkeys you can export them
> (i.e. the secret subkeys), create a new gnupg home directory, import
> the subkeys, change the password on them, and finally, export and
> distribute them to the people who are supposed to use them.
>
> By doing this you can have a person who manages the master key
> separately under another password and the authorized users can use the
> encryption and signing secret subkeys without being able to make
> changes to them.
>
> The person who manages the master key can add new UIDs for any new
> user and give that person a copy of the secret subkeys with the
> password.  The only problem that I see right away is revoking control
> when one of the users leaves.  One way that you could remedy this is
> to revoke the old subkeys and issue new ones.
>
> I am not recommending this method but it is a way that it can be done.
>
> Anyway...
>
> Cheers,
>
> -Paul
>
> --
> PGP: 3DB6D884

Wow, that would be a lot of work.  Actually, I didn't even know you could do
that.  GPG is versatile, to say the least.

Dave
PGP: 96569433
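
A check that fits the procedure quoted above, run on the new home directory before its subkeys are handed out: it confirms the keyring holds only secret subkeys and no master secret key. This is an added example, not part of the original thread; the function names are hypothetical and the sample listings and key IDs are constructed.

```shell
#!/bin/sh
# Added example. Reads `gpg --homedir DIR --list-secret-keys --with-colons`
# on stdin. In sec/ssb records field 15 is '#' when only a stub is stored
# (secret part absent) and '+' when the secret part is present (GnuPG 2.1+,
# see doc/DETAILS); field 5 is the key ID, field 12 the capabilities.
# Exit 0 only if every primary key is a stub and some subkey is usable.
subkeys_only() {
    awk -F: '
        $1 == "sec" { nsec++
                      if ($15 != "#") { bad++; print "primary " $5 ": secret part present or unknown" } }
        $1 == "ssb" { state = ($15 == "+") ? "usable" : "no secret part"
                      if ($15 == "+") usable++
                      print "subkey " $5 " [" $12 "]: " state }
        END { exit !(nsec > 0 && bad == 0 && usable > 0) }
    '
}

# Constructed listing: keyring built by importing --export-secret-subkeys output.
sample_distributed() { cat <<'EOF'
sec:u:4096:1:1111111111111111:1404900000:::u:::scESC:::#:::23::0:
uid:u::::1404900000::::Shared Key (constructed) <team@example.org>::::::::::0:
ssb:u:4096:1:2222222222222222:1404900000::::::e:::+:::23:
ssb:u:4096:1:3333333333333333:1404900000::::::s:::+:::23:
EOF
}

# Constructed listing: the master key holder's own keyring.
sample_master() { cat <<'EOF'
sec:u:4096:1:1111111111111111:1404900000:::u:::scESC:::+:::23::0:
ssb:u:4096:1:2222222222222222:1404900000::::::e:::+:::23:
EOF
}

sample_distributed | subkeys_only && echo "OK: master secret key is not in this keyring"
sample_master | subkeys_only || echo "REFUSE: master secret key is in this keyring"
```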




