Advice on key set-up for work at employer

taltman taltman at
Thu Aug 4 02:37:00 CEST 2016


I would like people's advice on the optimal set-up for the following:

I would like to use GPG encryption at my work, both for encrypting files
and for protecting email correspondence. The trick is that I can imagine
that at some point far in the future, if I need to leave my work for
whatever reason, they'd want access to those files.

The threat model here is, as an employee, I want to protect the
corporate data as best as I can, but I trust my employers to have access
to their own data. In other words, I'm not trying to hide anything from
my employer. I also anticipate that while unlikely that they'd be
interested in getting access to this data, I still need to provide a
mechanism for them to retain access. I'm assuming that this will involve
giving them access to the keyring files, and the password to the keyring.

Assuming that I couldn't just re-encrypt everything to a different key
at that far-flung date, and that I wouldn't want to forfeit my private
key and password to my personal GPG keyring, I think that the following
set up would be optimal:

1. Create a new GPG keyring specific for my identity with my employer
2. Cross-sign my existing personal GPG key with the employer-specific
GPG key
3. Do proper key hygiene things (backups, revocation certs, etc.) on
employer-specific key

It seems with this set-up I can simply just turn over the password to
the private key of the employer-specific GPG keyring if I'm ever
obligated to give them access to their files. This keeps a nice clean
separation between their property, and my personal GPG keyring. When it
comes time to end my time at the employer, I can revoke the
employer-specific key. If I am no longer able to use the
employer-specific GPG keyring, I can at least revoke my signature of the
employer-specific keyring if my former employer gains the password to
the keyring.

As far as I can tell, just creating a separate employer-specific set of
signing/encrypting/authenticating sub-keys wouldn't be sufficient, but
I'm open to someone showing me that I'm mistaken.

I'd be interested in hearing people's thoughts on this scenario. Thanks
in advance!

Best regards,

~Tomer Altman

-- 
---

Encrypted email preferred.
GPG Public Key:
Key fingerprint = DFE8 7D60 D452 9C4F 5D1F  7515 F55F BB30 1719 7991
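The three-step set-up described in the post (a separate employer-specific keyring, cross-signing with the personal key, then backups and a revocation certificate for the work key), as an added shell example that is not part of the original message. It assumes GnuPG 2.1 or newer on PATH; the names, addresses, file names and temporary directories are made up, and the work key is generated without a passphrase only so the script can run unattended (a real work key would carry the passphrase that gets handed over together with the keyring).

```shell
#!/bin/sh
# Added example, not from the original post. Two separate GnuPG keyrings
# (personal and work), cross-signed, plus backup and revocation of the work
# key. Assumes GnuPG >= 2.1. All names, addresses and paths are made up;
# %no-protection is used only so the run needs no pinentry.
set -eu

# gen_key <gnupghome> <name> <email> : new primary key + encryption subkey
# in its own keyring directory; prints the primary key fingerprint.
gen_key() {
    mkdir -p "$1" && chmod 700 "$1"
    GNUPGHOME="$1" gpg --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 1y
%commit
EOF
    GNUPGHOME="$1" gpg --batch --with-colons --list-keys "$3" \
        | awk -F: '$1=="fpr" {print $10; exit}'
}

# share_pubkey <from_home> <to_home> <fpr> : copy only the PUBLIC key, so the
# personal secret key never lives in the keyring that may be handed over.
share_pubkey() {
    GNUPGHOME="$1" gpg --batch --export "$3" \
        | GNUPGHOME="$2" gpg --batch --quiet --import
}

# sign_key <gnupghome> <signer_fpr> <target_fpr> : certify target with signer.
sign_key() {
    GNUPGHOME="$1" gpg --batch --yes --local-user "$2" --quick-sign-key "$3"
}

# long_keyid <fpr> : the 16-hex-digit key id used in --with-colons output.
long_keyid() { printf '%s' "$1" | tail -c 16; }

# count_sigs <gnupghome> <fpr> <signer_keyid> : certifications on <fpr> made
# by <signer_keyid> (filtering on the signer excludes self-signatures).
count_sigs() {
    GNUPGHOME="$1" gpg --batch --with-colons --list-sigs "$2" \
        | awk -F: -v k="$3" '$1=="sig" && $5==k {n++} END {print n+0}'
}

# has_secret_key <gnupghome> <fpr> : prints yes or no.
has_secret_key() {
    if GNUPGHOME="$1" gpg --batch --with-colons --list-secret-keys "$2" 2>/dev/null \
        | grep -q '^sec:'; then echo yes; else echo no; fi
}

# key_validity <gnupghome> <fpr> : validity flag of the primary key
# ('r' once a revocation certificate has been imported).
key_validity() {
    GNUPGHOME="$1" gpg --batch --with-colons --list-keys "$2" \
        | awk -F: '$1=="pub" {print $2; exit}'
}

# demo : build the scenario; sets BASE PERSONAL WORK PFPR WFPR as globals.
demo() {
    BASE=$(mktemp -d /tmp/gpgdemo.XXXXXX)
    PERSONAL=$BASE/personal; WORK=$BASE/work
    PFPR=$(gen_key "$PERSONAL" "Tomer Altman" "tomer@personal.example")
    WFPR=$(gen_key "$WORK" "Tomer Altman (work)" "tomer@employer.example")
    # Step 2: cross-sign. Exchange public keys, certify, push the
    # certified copies back so both keyrings carry both signatures.
    share_pubkey "$PERSONAL" "$WORK" "$PFPR"
    share_pubkey "$WORK" "$PERSONAL" "$WFPR"
    sign_key "$WORK" "$WFPR" "$PFPR"
    sign_key "$PERSONAL" "$PFPR" "$WFPR"
    share_pubkey "$WORK" "$PERSONAL" "$PFPR"
    share_pubkey "$PERSONAL" "$WORK" "$WFPR"
    # Step 3: hygiene for the work key. Secret-key backup (keep it encrypted
    # and offline) and the revocation certificate gpg >= 2.1 writes at key
    # creation, copied out so it survives losing the keyring directory.
    GNUPGHOME="$WORK" gpg --batch --armor --export-secret-keys "$WFPR" \
        > "$BASE/work-secret-backup.asc"
    cp "$WORK/openpgp-revocs.d/$WFPR.rev" "$BASE/work-revocation.rev"
}

# revoke_work_key : leaving the employer. gpg prefixes the stored certificate
# with ':' to block accidental import; strip it, then import into the
# personal keyring so the work key shows as revoked there.
revoke_work_key() {
    sed 's/^:-----BEGIN/-----BEGIN/' "$BASE/work-revocation.rev" \
        | GNUPGHOME="$PERSONAL" gpg --batch --quiet --import
}

cleanup() {
    for h in "$PERSONAL" "$WORK"; do
        GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$BASE"
}

if [ "${1:-}" = "run" ]; then   # stand-alone: sh keyrings.sh run
    demo
    echo "work key certified by personal key: $(count_sigs "$PERSONAL" "$WFPR" "$(long_keyid "$PFPR")") sig(s)"
    echo "personal secret key present in work keyring: $(has_secret_key "$WORK" "$PFPR")"
    revoke_work_key
    echo "work key validity after revocation: $(key_validity "$PERSONAL" "$WFPR")"
    cleanup
fi
```

Run it as `sh keyrings.sh run` (the file name is hypothetical). The check worth noting is the second line of output: after the whole procedure the work keyring holds the personal public key and the cross-certification, but no personal secret material, which is what makes handing over the work keyring and its passphrase a clean separation.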

