Modernizing Web-of-trust for Organizations
2017-r3sgs86x8e-lists-groups at riseup.net
Thu Jan 4 03:37:23 CET 2018
On Thursday 4 January 2018 at 1:46:55 AM, in
<mid:63c961e8-1821-19cd-1aaa-2bb0d03f9b08 at gmail.com>, Lou Wynn wrote:-
> When I said for "both," I might have misunderstood what you meant by
> a shared keyring? Can you explain it a little bit?
PGP and GnuPG traditionally store private keys in a secret keyring and
public keys in a public keyring. Each user's secret keyring has just
their own secret keys. Each user's public keyring contains their own
public keys, plus other people's public keys for encrypting messages
or checking signatures. Multiple users' OpenPGP installations could
theoretically all be configured to point to the same shared keyring
files instead of each user having their own local keyring files (or
all their local keyring files could be kept in sync with a central
> My system doesn't
> share anything that is related to user private keys, except for that
> encrypted private keys are saved in a database.
If the user's OpenPGP software accesses that database each time it
needs to use the private key, the database is providing the same
function as the old secret keyring.
> An analogy is
> placing two people's encrypted PGP secret keyring on a file server,
> and decryption is still done at the client side. I'm not sure if
> this is what you meant by a shared keyring.
If my keyring and your keyring happened to be stored on the same
server but they were separate and there was no sharing or syncing
between them, it would not be a shared keyring.
MFPA <mailto:2017-r3sgs86x8e-lists-groups at riseup.net>
Is it bad luck to be superstitious?