>Date: Mon, 28 Feb 2011 08:07:03 +0100
>From: "Denise Schmid" <chinati...@gmx.ch>
>To: gnupg-users@gnupg.org
>Subject: Re: Question regarding shared keys
>Message-ID: <20110228070703.164...@gmx.net>
>Content-Type: text/plain; charset="utf-8"

>Does this mean that, if you want to encrypt
>a file, everybody has to use his/her key?

No.
The 'shared' key is only the secret key.
Anyone (even someone who has no share at all, i.e. an outside client of the company) can encrypt to the public key.

>The background of my
>question is that a company claims that one of their managers has
>forgotten the key and therefore, they can't decrypt some files.

Possible.

Usually though, 'shared' keys are used for 'signing' documents, proposals, orders, instructions, etc. that require a majority of the governing board, and the shares are set to that number of the majority required to pass the vote.

It's less likely that ordinary documents or client files need decryption by a shared secret key, but it is possible if the company wanted an 'excuse' to not decrypt the files, and intentionally did it this way.

If it were an 'excuse' though, and they really do need access to the files, then it's probably encrypted somewhere else too, where they 'can' decrypt, or there are some 'shares' stored away somewhere ...

If you're lucky, and they happened to sign anything with the shared key after the time they claimed not to be able to reconstruct the key, then you caught them.

vedaal