On Jul 27, 2009, at 8:29 AM, Daniel Kahn Gillmor wrote:
And: You can only encrypt the files for one key. So only one user will
have access to the files (owns the files), as long as you don't share
the keys. For example you can introduce company wide keys or department
keys and distribute them to anyone who should have access.
You actually can encrypt files to more than one OpenPGP key, so that
anyone holding any of the recipient keys can decrypt the data. Maybe
this approach would be useful for the OP?
If, as IT administrator, you have the opportunity to configure your
users' ~/.gnupg/gpg.conf, you could add a line like

recipient 0xDEADBEEFDEADBEEF

to specify that all encryptions will automatically be encrypted to a
key that you retain for the kind of emergency recovery scenarios you
describe.
I'd use "encrypt-to" instead of "recipient", but basically, yes, that
will work. It's a reasonably common solution for the problem.
This is similar in effect to PGP.com's additional decryption key (the
ADK has better granularity as it works on a per-key basis, but the
concept is the same). However, note that this (and the ADK) both are
only really effective with an honest user. If a user wants to
manipulate their key to remove the ADK (which is trivial) or edit
their gpg.conf to remove the extra encrypt-to line, then you'd need a
more central (and not under user control) way to guard against
trouble. For example, if we're just talking about email, you could
tweak your mail server to check to see if the extra recipient was
present and if not, reject the message, etc. I believe the PGP folks
have some variant of this ability, but you'd have to ask them for the
details.
David
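The server-side check David describes (reject a message unless the mandated extra recipient is present) can be done without any keys by walking the Public-Key Encrypted Session Key packets that open an OpenPGP message and comparing their key IDs. The code below is an added example written for this thread, not code from the list or from GnuPG; the recovery key ID, the packet bytes and the armored sample messages are constructed placeholders, and the toy MPIs are not real ciphertext.

```python
import base64

RECOVERY_KEY_ID = "DEADBEEFDEADBEEF"  # constructed placeholder for the escrow key ID

def dearmor(armored):
    """Strip RFC 4880 ASCII armor: skip headers up to the blank line, stop at the CRC or END line."""
    lines = [l.strip() for l in armored.strip().splitlines()]
    start = lines.index("") + 1 if "" in lines else 1
    end = next((i for i, l in enumerate(lines) if i >= start and l[:1] in ("=", "-")), len(lines))
    return base64.b64decode("".join(lines[start:end]))

def pkesk_key_ids(data):
    """Key IDs of the PKESK packets (tag 1) that open an OpenPGP message; the walk
    stops at the first packet that is neither a PKESK nor a symmetric-key ESK (tag 3)."""
    ids, pos = [], 0
    while pos < len(data):
        ctb = data[pos]
        if ctb & 0x40:                           # new-format header: 11TTTTTT
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            else:
                raise ValueError("5-octet and partial body lengths not supported")
        else:                                    # old-format header: 10TTTTLL
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            hdr = 1 + (1 << ltype)               # 1, 2 or 4 length octets follow the CTB
            length = int.from_bytes(data[pos + 1:pos + hdr], "big")
        body = data[pos + hdr:pos + hdr + length]
        if tag == 1 and body[0] == 3:            # PKESK v3: version, 8-byte key ID, algo, MPIs
            ids.append(body[1:9].hex().upper())
        elif tag != 3:                           # unsupported PKESK version or encrypted data: stop
            break
        pos += hdr + length
    return ids

def has_recovery_recipient(armored, key_id=RECOVERY_KEY_ID):
    """The mail-server gate: accept only if the recovery key is among the recipients."""
    return key_id.upper() in pkesk_key_ids(dearmor(armored))

# Constructed sample messages with toy MPIs (not real ciphertext) to exercise the check.
def _pkesk(key_id_hex):                          # old-format CTB 0x84: tag 1, one-octet length
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01\x00\x08\xff"
    return bytes([0x84, len(body)]) + body

_SEIPD = bytes([0xD2, 17, 1]) + b"\x00" * 16     # new-format CTB 0xD2: tag 18, toy body
_ARMOR = "-----BEGIN PGP MESSAGE-----\n\n%s\n=CRC0\n-----END PGP MESSAGE-----\n"
SAMPLE_OK = _ARMOR % base64.b64encode(_pkesk("0123456789ABCDEF") + _pkesk(RECOVERY_KEY_ID) + _SEIPD).decode()
SAMPLE_MISSING = _ARMOR % base64.b64encode(_pkesk("0123456789ABCDEF") + _SEIPD).decode()
```

A message encrypted with --throw-keyids (hidden recipients, key ID all zeros) would also fail this check, which is the desired outcome for a policy that requires a visible recovery recipient.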
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users