One Private Key for several users

NdK ndk.clanbo at gmail.com
Mon Apr 22 11:17:04 CEST 2013


On 22/04/2013 09:28, Lema KB wrote:
> Is there any other way of using one and the same private-key by several
> users, except exporting the priv-key?
> We are decrypting some csv-files on a virtual machine, and for us it's not
> so appropriate to share private-key through exporting. Maybe there is a way
> out, like giving/taking the right to/from the group of windows users to
> decrypt the files.
Crypto doesn't work this way.
The easiest (most versatile, less secure) solution: decrypt the files
and leverage win's ACL system to make 'em readable only by the right group.
The PGP-way of doing things (not easy but secure): treat the files as
mails to multiple recipients. Session key is re-encrypted with the
public key of every recipient. When you want to add a new user that can
read old files, you have to add him as a recipient. If you want to
revoke access, you have to delete the encoding of the session key under
his public key. For every file. And for every added/deleted user.

As you can see, the secure way is mostly "static": doesn't like changes
in who can read files. The other is much less secure but much more
"versatile" (no need to change old files when staff changes).

BYtE,
 Diego.
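
The bookkeeping the reply describes (one encrypted copy of the session key per recipient, in every file), as an added example that is not part of the original post: a Python audit that reads `gpg --list-packets` output and reports files whose recipient list no longer matches the authorized keys. The key IDs, file names and sample packet listings are constructed and trimmed to the lines the parser reads.

```python
import re

# Each recipient of an OpenPGP message gets its own "pubkey enc packet" holding
# the session key encrypted to that recipient's (sub)key.
PKESK = re.compile(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})\b", re.M)
ANONYMOUS = "0" * 16  # key ID written when the recipient was hidden

def recipients(list_packets_output):
    """Return the set of key IDs a message's session key is encrypted to."""
    return {k.upper() for k in PKESK.findall(list_packets_output)}

def audit(files, authorized):
    """Compare each file's recipients with the currently authorized key IDs.

    files: {filename: text printed by `gpg --list-packets` for that file}
    Returns {filename: {"stale", "missing", "hidden"}} for every file that
    needs re-encryption or manual review.
    """
    authorized = {k.upper() for k in authorized}
    findings = {}
    for name, text in files.items():
        found = recipients(text)
        hidden = ANONYMOUS in found
        found.discard(ANONYMOUS)
        stale = found - authorized      # can still decrypt, should not
        missing = authorized - found    # should decrypt, cannot
        if stale or missing or hidden:
            findings[name] = {"stale": stale, "missing": missing, "hidden": hidden}
    return findings

# Constructed sample data: key IDs and file names are made up.
ALICE, BOB, CAROL = "1111AAAA2222BBBB", "3333CCCC4444DDDD", "5555EEEE6666FFFF"

def sample(*keyids):
    pk = "".join(f":pubkey enc packet: version 3, algo 1, keyid {k}\n"
                 f"\tdata: [2047 bits]\n" for k in keyids)
    return pk + ":encrypted data packet:\n\tlength: unknown\n\tmdc_method: 2\n"

FILES = {
    "jan.csv.gpg": sample(ALICE, BOB),          # Bob has since left
    "feb.csv.gpg": sample(ALICE, CAROL),        # matches current staff
    "mar.csv.gpg": sample(ALICE, ANONYMOUS),    # one hidden recipient
}

if __name__ == "__main__":
    for name, finding in audit(FILES, {ALICE, CAROL}).items():
        print(name, finding)
```

A file flagged as stale or missing has to be decrypted and encrypted again to the current recipient list. Re-encrypting protects only the new copy: anyone who kept the old ciphertext, or the plaintext, still has it.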



More information about the Gnupg-users mailing list