Hi All,

Isn't it pretty easy to have a script on the server (try to) decrypt each email? If the email decrypts, fine; else do not allow the email to go through. That will force people to retain the option in the conf file if they want their message to reach.

Regards
Hardeep Singh
http://www.SeeingWithC.org/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Shaw
Sent: Tuesday, February 19, 2008 7:04 PM
To: gnupg-users@gnupg.org
Subject: Re: Corporate use of gnupg

On Fri, Feb 15, 2008 at 07:00:12PM -0800, Texaskilt wrote:
>
> I guess what we are wanting is for every mail user to have their own
> public/private key. This way they can encrypt their own email on the
> corporate system.
>
> In addition, every email would also be encrypted using the "corporate key"
> that would be in the hands of a select few (supposedly).
>
> For example, the sales force can send encrypted mail to each other,
> but when a salesperson leaves the company, the Email Admin can
> retrieve and decrypt the email so that the salesperson's replacement
> can pick up their accounts without too much disruption.
>
> Looks like this is ADK. Is there any way to do this on gpg?

Yes. Put "encrypt-to (the-adk-key)" in everyone's gpg.conf. Of course, they could turn around and take it right out again. Unless you have pretty tight control over the environment, ADKs or encrypt-tos are not foolproof (and that applies to both PGP and GPG).

As I said before, note that this isn't safe because of the crypto math. It's "safe" because you can fire people who don't do it.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
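
A variant of the server-side check proposed at the top of this message that does not need the corporate private key on the mail server: read the recipient key IDs from the public-key encrypted session key packets (RFC 4880, tag 1) that open every OpenPGP message. This is an added example, not code from the thread; the key ID and the sample packets are constructed placeholders.

```python
import base64

CORPORATE_KEY_ID = "0123456789ABCDEF"   # constructed placeholder, not a real key

def dearmor(text):
    """Binary OpenPGP data from an ASCII-armored PGP MESSAGE block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("-----BEGIN PGP MESSAGE-----") + 1:
                 lines.index("-----END PGP MESSAGE-----")]
    if "" in body:                       # armor headers end at first blank line
        body = body[body.index("") + 1:]
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def recipient_key_ids(data):
    """Key IDs named in the PKESK (tag 1) packets that open the message."""
    ids, i = [], 0
    while i < len(data) and data[i] & 0x80:
        hdr = data[i]
        if hdr & 0x40:                   # new-format packet header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                break                    # partial length: data packet reached
        else:                            # old-format packet header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                break                    # indeterminate length: data packet
            n = 1 << ltype
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if tag not in (1, 3):            # session-key packets come first
            break
        if tag == 1 and length >= 9 and data[i] == 3:   # version 3 PKESK
            ids.append(data[i + 1:i + 9].hex().upper())
        i += length
    return ids

def check(data, required=CORPORATE_KEY_ID):
    """Gateway verdict: (accept?, reason)."""
    ids = recipient_key_ids(data)
    if required in ids:
        return True, "corporate key listed"
    if "0" * 16 in ids:                  # gpg --throw-keyids hides recipients
        return False, "hidden recipient, cannot verify"
    return False, "corporate key not listed"

# Constructed sample: one v3 PKESK for the placeholder key, then a stub
# encrypted-data packet (tag 18). Not a real message.
SAMPLE = bytes.fromhex("c10d03" + CORPORATE_KEY_ID + "010008ff" + "d2020100")
```

The key ID in these packets is that of the encryption subkey, so `CORPORATE_KEY_ID` must be the corporate key's encryption subkey ID rather than its primary key ID. A listed key ID is only a label on the packet; a trial decryption with the private key, as the message suggests, is the only check that proves the session key really is encrypted to the corporate key.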