I wish to set up GnuPG for my work (I am the IT Administrator) but I have a few questions.

First: if the user creates a key and then leaves the company, assuming he/she didn't tell anyone the passphrase and it was the only key used, are those files locked forever? If this is so, my idea was that the IT department (i.e. me) creates the keys for all my users and uses a completely random password for all, then backs up those keys, then issues them to the users and allows them to change the passphrase to something they prefer. Then if the user leaves, we can use the originally backed-up key with the original password to decrypt the files they encrypted. Will this work? I know it may sound like a security risk and ruin the whole point of encrypting in the first place, but this is the only way I can think of safeguarding the company's data (not the users' data).

I also have another question. If a user's key is compromised, i.e. someone knows their passphrase, should the user just change the passphrase or should a new key be generated? And if a new key is needed, will all the files that were encrypted with the old key be in danger of being decrypted, or be totally useless without the old key?

Sorry if this has been answered before or is a dumb question. I am new to this stuff.