Il 22/04/2013 09:28, Lema KB ha scritto: > Is there any other way of using one and the same private-key by several > users, except exporting the priv-key? > We are decrypting some csv-files on a virtual machine. and it's for us not > so appropriate to share private-key through exporting. maybe there is a way > out, like giving/taking the right to/from the group of windows users to > decrypt the files. Crypto doesn't work this way. The easiest (most versatile, less secure) solution: decrypt the files and leverage win's ACL system to make 'em readable only by the right group. The PGP-way of doing things (not easy but secure): treat the files as mails to multiple recipients. Session key is re-encrypted with the public key of every recipient. When you want to add a new user that can read old files, you have to add him as a recipient. If you want to revoke access, you have to delete the encoding of the session key under his public key. For every file. And for every added/deleted user.
As you can see, the secure way is mostly "static": doesn't like changes in who can read files. The other is much less secure but much more "versatile" (no need to change old files when staff changes). BYtE, Diego. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
