Corporate use of gnupg

David Shaw dshaw at jabberwocky.com
Tue Feb 19 14:33:55 CET 2008


On Fri, Feb 15, 2008 at 07:00:12PM -0800, Texaskilt wrote:
> 
> I guess what we are wanting is for every mail user to have their own
> public/private key.  This way they can encrypt their own email on the
> corporate system.
> 
> In addition, every email would also be encrypted using the "corporate key"
> that would be in the hands of a select few (supposedly).
> 
> For example, the sales force can send encrypted mail to each other, but when
> a salesperson leaves the company, the Email Admin can retrieve and decrypt
> the email so that the salesperson's replacement can pick up their accounts
> without too much disruption.
> 
> Looks like this is ADK.  Is there any way to do this on gpg?

Yes.  Put "encrypt-to (the-adk-key)" in everyone's gpg.conf.

Of course, they could turn around and take it right out again.  Unless
you have pretty tight control over the environment, ADKs or
encrypt-tos are not foolproof (and that applies to both PGP and GPG).

As I said before, note that this isn't safe because of the crypto
math.  It's "safe" because you can fire people who don't do it.

David
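
An added example, not part of the message above: because an `encrypt-to` line can be taken out of gpg.conf again, compliance is checked more reliably on the messages themselves, for instance at the mail gateway. The Python below classifies `gpg --list-packets` output by whether a recipient packet names the corporate key; the key IDs and sample listings are constructed placeholders, and the ID to match is assumed to be that of the corporate key's encryption subkey.

```python
import re

# Assumption: long key ID of the key the session key is actually encrypted to,
# normally the corporate key's encryption subkey. Placeholder value.
CORPORATE_KEY_ID = "AAAAAAAAAAAAAAAA"

# One ":pubkey enc packet:" line is listed per public-key recipient.
PUBKEY_ENC = re.compile(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})\b", re.M)
HIDDEN = "0" * 16  # all-zero key ID: the sender hid the recipient (--throw-keyids)

def recipients(listing):
    """Return the recipient key IDs found in a --list-packets listing."""
    return [k.upper() for k in PUBKEY_ENC.findall(listing)]

def audit(listing, corporate_id=CORPORATE_KEY_ID):
    """Classify one message against the encrypt-to policy."""
    ids = recipients(listing)
    if not ids:
        return "not-pk-encrypted"       # symmetric-only or plaintext
    if corporate_id.upper() in ids:
        return "ok"
    if HIDDEN in ids:
        return "unverifiable"           # hidden recipients cannot be checked
    return "missing-corporate-key"      # encrypt-to was removed or overridden

# Constructed sample listings (not captured from real traffic).
COMPLIANT = """\
:pubkey enc packet: version 3, algo 1, keyid 1111111111111111
:pubkey enc packet: version 3, algo 1, keyid AAAAAAAAAAAAAAAA
:encrypted data packet:
"""
STRIPPED = """\
:pubkey enc packet: version 3, algo 1, keyid 1111111111111111
:encrypted data packet:
"""
THROWN = """\
:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
:encrypted data packet:
"""
SYMMETRIC = """\
:symkey enc packet: version 4, cipher 9, s2k 3, hash 2
:encrypted data packet:
"""

if __name__ == "__main__":
    for name in ("COMPLIANT", "STRIPPED", "THROWN", "SYMMETRIC"):
        print(f"{name:10} {audit(globals()[name])}")
```

A result of "ok" shows only that the message was encrypted to the corporate key; anything else is a case for the policy enforcement the message describes.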



More information about the Gnupg-users mailing list