Optimal setup for corporate keys
flapflap
flapflap at riseup.net
Sun Jul 19 19:01:37 CEST 2015
Greg Sabino Mullane:
>
>
>> We exchange sensitive files with multiple corporate partners and would like
>> to set our keys up so that a single private key compromise does not require
>> generating new keys for all partners.
>
>> 1) Should we generate separate pub / priv key pairs for all partners?
>
> Yes. It's best to keep everyone as separated as possible.
Probably, it is a non-issue in this specific case (you already know the
files you send to your partners), but in general one (here: your
partners) should not use secret keys generated by others because they
are not /secret/ to oneself anymore.
Simply let your partners generate their pub/sec key pairs and then
exchange them.
More information about the Gnupg-users
mailing list