Although it is controversial, look into key escrow. One possibility is to allow (require via policy?) users to encrypt data to a single central escrow key (that you store offline) in addition to any other keys they use. Then if recovery is required, the escrow key can be used to decrypt the data.
The policies and procedures for use of this *must* be well defined up front: how and under what circumstances it is used, etc. Otherwise you risk losing the trust of your users. One possibility is to encrypt the escrow private key, storing the passphrase separately from the key so that two parties are required to recover data (e.g. put the key on a CD or USB stick in one safe, put the passphrase in a sealed envelope in a different safe).

Just thoughts.

Jim

-----Original Message-----
From: gnupg-users-boun...@gnupg.org [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of arcintl
Sent: Sunday, July 26, 2009 12:27 PM
To: gnupg-users@gnupg.org
Subject: IT Department having the secure key.

I wish to set up GnuPG for my work (I am the IT Administrator) but I have a few questions.

First: if the user creates a key and then leaves the company, assuming he/she didn't tell anyone the passphrase and it was the only key used, are those files locked forever? If this is so, my idea was that the IT department (i.e. me) create the keys for all my users and use a completely random password for all, then back up those keys, then issue them to the users and allow them to change the passphrase to something they prefer. Then if the user leaves we can use the originally backed-up key with the original password to decrypt the files they encrypted. Will this work? I know it may sound like a security risk and ruin the whole point of encrypting in the first place, but this is the only way I can think of safeguarding the company's data (not users' data).

Also have another question. If a user's key is compromised, i.e. someone knows their passphrase, should the user just change the passphrase or should a new key be generated? And if a new key is needed, will all the files that were encrypted with the old key be in danger of being decrypted, or be totally useless without the old key?

Sorry if this has been answered before or is a dumb question. I am new to this stuff.
--
View this message in context: http://www.nabble.com/IT-Department-having-the-secure-key.-tp24668288p24668288.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
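The following script is an added illustration of the escrow arrangement Jim describes above; it is not part of the thread and not GnuPG project code. It builds two throwaway keyrings in a temporary directory: an "escrow" keyring standing in for the offline medium that holds the escrow secret key (protected by a passphrase that is held apart from it), and a "user" keyring whose gpg.conf carries an `encrypt-to` line so that every file the user encrypts is also encrypted to the escrow key. It then shows that the escrow keyring plus the separately held passphrase can decrypt a file the user encrypted. All names, addresses, passphrases and paths are constructed for the demo; `trust-model always` is used only to keep the demo non-interactive, whereas in a real deployment the escrow public key would be signed and trusted through the normal web of trust.

```shell
#!/bin/sh
# Added example, not from the original thread: an offline escrow key as an
# additional recipient on every encryption, so data a departed user encrypted
# can still be recovered. All identities, passphrases and paths are constructed.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping demo"; exit 0; }

WORK="$(mktemp -d)"
ESCROW_HOME="$WORK/escrow"   # stands in for the offline medium holding the escrow key
USER_HOME="$WORK/user"       # the employee's everyday keyring
ESCROW_PASS="constructed-passphrase-kept-in-a-separate-safe"
ESCROW_ID="Corp Escrow <escrow@example.test>"
USER_ID="Alice Example <alice@example.test>"

# gpg against a given home directory, in batch mode with loopback pinentry so
# passphrases can be supplied non-interactively.
g() { h="$1"; shift; gpg --homedir "$h" --batch --quiet --yes --pinentry-mode loopback "$@"; }

init_home() {
    mkdir -p "$1"; chmod 700 "$1"
    echo "allow-loopback-pinentry" > "$1/gpg-agent.conf"
}

# 1. Generate the escrow key in its own (offline) keyring. Its passphrase is stored
#    apart from the key so that two parties are needed for a recovery.
make_escrow_key() {
    init_home "$ESCROW_HOME"
    g "$ESCROW_HOME" --passphrase "$ESCROW_PASS" --quick-generate-key "$ESCROW_ID" default default never
    g "$ESCROW_HOME" --armor --export "$ESCROW_ID" > "$WORK/escrow.pub"
}

# 2. Set up the user's keyring: their own key, the escrow public key, and a gpg.conf
#    'encrypt-to' line so every encryption also goes to the escrow key by policy.
make_user_keyring() {
    init_home "$USER_HOME"
    g "$USER_HOME" --passphrase "" --quick-generate-key "$USER_ID" default default never
    g "$USER_HOME" --import "$WORK/escrow.pub"
    printf 'encrypt-to %s\ntrust-model always\n' "$ESCROW_ID" >> "$USER_HOME/gpg.conf"
}

# 3. The user encrypts a file to themselves only; the escrow recipient is added by
#    gpg.conf. Prints the number of public-key-encrypted session key packets (2).
encrypt_as_user() {
    printf '%s' "$2" > "$1"
    g "$USER_HOME" --recipient "$USER_ID" --output "$1.gpg" --encrypt "$1"
    g "$USER_HOME" --list-packets "$1.gpg" | grep -c '^:pubkey enc packet'
}

# 4. Recovery: only the escrow keyring and the separately held passphrase are used;
#    the user's secret key is never touched.
recover_with_escrow() {
    g "$ESCROW_HOME" --passphrase "$ESCROW_PASS" --decrypt "$1"
}

cleanup() {
    gpgconf --homedir "$ESCROW_HOME" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$USER_HOME" --kill gpg-agent 2>/dev/null || true
    rm -rf "$WORK"
}
trap cleanup EXIT

make_escrow_key
make_user_keyring
RECIPIENTS="$(encrypt_as_user "$WORK/report.txt" "quarterly figures")"
RECOVERED="$(recover_with_escrow "$WORK/report.txt.gpg")"
echo "recipient packets in ciphertext: $RECIPIENTS"
echo "recovered by escrow: $RECOVERED"
```

The `encrypt-to` line is the policy lever: it is applied to every `--encrypt` run from that keyring without the user naming the escrow key, and `--list-packets` makes the second recipient visible so an auditor can confirm the policy took effect. Removing the line from gpg.conf (or encrypting with `--no-encrypt-to`) produces a file the escrow key cannot open, which is why the configuration itself needs to be managed rather than left to each user.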