On Fri, Feb 15, 2008 at 07:00:12PM -0800, Texaskilt wrote:
>
> I guess what we are wanting is for every mail user to have their own
> public/private key. This way they can encrypt their own email on the
> corporate system.
>
> In addition, every email would also be encrypted using the "corporate key"
> that would be in the hands of a select few (supposedly).
>
> For example, the sales force can send encrypted mail to each other, but when
> a salesperson leaves the company, the Email Admin can retrieve and decrypt
> the email so that the salesperson's replacement can pick up their accounts
> without too much disruption.
>
> Looks like this is ADK. Is there any way to do this on gpg?

Yes. Put "encrypt-to (the-adk-key)" in everyone's gpg.conf. Of course, they
could turn around and take it right out again. Unless you have pretty tight
control over the environment, ADKs or encrypt-tos are not foolproof (and that
applies to both PGP and GPG).

As I said before, note that this isn't safe because of the crypto math. It's
"safe" because you can fire people who don't do it.

David
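
Since the encrypt-to line can be removed from gpg.conf, a mail gateway can check that each encrypted message actually lists the corporate key as a recipient. The sketch below is an added example, not part of the original post or of GnuPG: it reads the recipient key IDs from the session-key packets of a binary (dearmored) OpenPGP message, assuming v3 PKESK packets as laid out in RFC 4880; the key IDs and the sample message are constructed.

```python
import struct

WILDCARD = "0000000000000000"  # key ID gpg writes for hidden recipients (--throw-keyids)

def pkesk_key_ids(data: bytes) -> list:
    """Key IDs from the v3 PKESK (tag 1) packets that lead an OpenPGP message."""
    ids, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (dearmor first)")
        pos += 1
        if hdr & 0x40:                          # new-format header
            tag, o1 = hdr & 0x3F, data[pos]
            if o1 < 192:
                length, pos = o1, pos + 1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:
                length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
            else:
                break                           # partial length: a data packet
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                break                           # indeterminate length: a data packet
            size = 1 << ltype
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if tag not in (1, 3):                   # session-key packets come first
            break
        body = data[pos:pos + length]
        if tag == 1 and len(body) >= 10 and body[0] == 3:
            ids.append(body[1:9].hex().upper())  # octets 1..8 are the key ID
        pos += length
    return ids

def check_adk(data: bytes, adk_key_id: str) -> str:
    ids = pkesk_key_ids(data)
    if adk_key_id.upper() in ids:
        return "ok"
    # A zeroed key ID hides the recipient, so the copy cannot be confirmed.
    return "unverifiable" if WILDCARD in ids else "missing"

def sample(key_ids, old_format=False):
    """Constructed message: one PKESK per key ID, then a dummy tag-18 data packet."""
    out = b""
    for kid in key_ids:
        body = b"\x03" + bytes.fromhex(kid) + b"\x01" + b"\x00\x08\xff"
        out += bytes([0x84 if old_format else 0xC1, len(body)]) + body
    return out + b"\xd2\x03\x01ab"

ADK, USER = "1122334455667788", "A1B2C3D4E5F60718"   # constructed key IDs
print(check_adk(sample([USER, ADK]), ADK), check_adk(sample([USER]), ADK))
```

A "missing" or "unverifiable" result only shows that the corporate copy cannot be confirmed from the packet headers; what to do with such a message is a policy decision.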