IT Department having the secure key.
David Shaw
dshaw at JABBERWOCKY.COM
Mon Jul 27 16:34:12 CEST 2009
On Jul 27, 2009, at 8:29 AM, Daniel Kahn Gillmor wrote:
>> And: You can only encrypt the files for one key. So only one user
>> will have access to the files (owns the files), as long as you don't
>> share the keys. For example you can introduce company wide keys or
>> department keys and distribute them to anyone who should have access.
>
> You actually can encrypt files to more than one OpenPGP key, so that
> anyone holding any of the recipient keys can decrypt the data. Maybe
> this approach would be useful for the OP?
>
> If, as IT administrator, you have the opportunity to configure your
> users' ~/.gnupg/gpg.conf, you could add a line like
>
> recipient 0xDEADBEEFDEADBEEF
>
> to specify that all encryptions will automatically be encrypted to a
> key that you retain for the kind of emergency recovery scenarios you
> describe.
I'd use "encrypt-to" instead of "recipient", but basically, yes, that
will work. It's a reasonably common solution for the problem.
This is similar in effect to PGP.com's additional decryption key (the
ADK has better granularity as it works on a per-key basis, but the
concept is the same). However, note that this (and the ADK) both are
only really effective with an honest user. If a user wants to
manipulate their key to remove the ADK (which is trivial) or edit
their gpg.conf to remove the extra encrypt-to line, then you'd need a
more central (and not under user control) way to guard against
trouble. For example, if we're just talking about email, you could
tweak your mail server to check to see if the extra recipient was
present and if not, reject the message, etc. I believe the PGP folks
have some variant of this ability, but you'd have to ask them for the
details.
David
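A concrete form of the server-side check David describes, added here as an example that is not from the thread or from GnuPG itself: it walks the OpenPGP packet headers (RFC 4880) of an encrypted message and verifies that one of the public-key encrypted session key packets names the escrow key. The escrow key ID 0xDEADBEEFDEADBEEF is the placeholder from the quoted gpg.conf line, and the sample messages are constructed inline.

```python
# Assumed escrow key ID: the placeholder value from the quoted "recipient"/"encrypt-to" line.
ESCROW_KEYID = "DEADBEEFDEADBEEF"

def _read_header(buf, pos):
    """Parse one OpenPGP packet header at buf[pos]; return (tag, body_start, body_len)."""
    b = buf[pos]
    if not b & 0x80:
        raise ValueError("no OpenPGP packet header at offset %d" % pos)
    if b & 0x40:                       # new-format header (RFC 4880 4.2.2)
        tag, l0 = b & 0x3F, buf[pos + 1]
        if l0 < 192:
            return tag, pos + 2, l0
        if l0 < 224:
            return tag, pos + 3, ((l0 - 192) << 8) + buf[pos + 2] + 192
        if l0 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths not supported")
    tag, ltype = (b >> 2) & 0x0F, b & 0x03   # old-format header (RFC 4880 4.2.1)
    if ltype == 3:                             # indeterminate length: rest of the buffer
        return tag, pos + 1, len(buf) - pos - 1
    n = (1, 2, 4)[ltype]
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def recipient_keyids(msg):
    """Key IDs named by the PKESK packets (tag 1) of a binary OpenPGP message.
    An all-zero ID is a hidden recipient (gpg --throw-keyids), so it never matches."""
    ids, pos = [], 0
    while pos < len(msg):
        tag, start, length = _read_header(msg, pos)
        body = msg[start:start + length]
        if tag == 1 and body[0] == 3:          # v3 PKESK: version, 8-byte key ID, algo, MPIs
            ids.append(body[1:9].hex().upper())
        pos = start + length
    return ids

def encrypted_to_escrow(msg, escrow=ESCROW_KEYID):
    """The policy check a mail server would apply before accepting the message."""
    return escrow.upper() in recipient_keyids(msg)

def _pkesk(keyid_hex, old_format=False):
    """Construct a minimal v3 PKESK packet (dummy RSA MPI) for the sample messages below."""
    body = b"\x03" + bytes.fromhex(keyid_hex) + b"\x01" + b"\x00\x10\xab\xcd"
    header = bytes([0x84, len(body)]) if old_format else bytes([0xC1, len(body)])
    return header + body

SEIPD_STUB = b"\xD2\x05\x01\x00\x00\x00\x00"   # constructed tag-18 packet; contents irrelevant here
COMPLIANT = _pkesk("0123456789ABCDEF") + _pkesk(ESCROW_KEYID) + SEIPD_STUB
STRIPPED = _pkesk("0123456789ABCDEF") + SEIPD_STUB   # user removed the encrypt-to line
```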
More information about the Gnupg-users mailing list