On 01/30/2014 01:59 AM, NdK wrote:
> On 30/01/2014 02:14, DUELL, BOB wrote:
>
>> I will appreciate any and all comments. If there is a "better way" to do
>> this, I'd love to learn.
> Every user in the group could "leak" the secret key. At least put it
> into a smartcard/token connected to the server: they'll just be able to
> *use* it.

Every user in the group could also destroy the secret key, if the
directory itself is still mode 777 -- write access on a directory means
you can unlink files from that directory, even if you don't have write
access to those files in particular.

A user just has to do:

  rm /opt/app/apps/dbmprod/gpg/secring.gpg

and it seems likely that you will be unable to decrypt any further
messages (unless someone has already leaked the secret key as NdK
suggests, in which case maybe you could ask them for a copy :P)

	--dkg
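
Added example, not part of the original messages: a small audit for the two risks raised in this thread (deletion through a writable directory, leakage through a readable key file). The function name audit_gpg_home and its output labels are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a GnuPG home directory for the two problems raised in
# this thread. Function name and finding labels are illustrative assumptions.

# Prints one finding per line.
# Returns 0 if clean, 1 if anything was flagged, 2 on bad input.
audit_gpg_home() {
    dir=$1
    findings=0
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }

    # Write permission on the directory is what permits unlinking or
    # renaming its entries, whatever the mode of secring.gpg itself is.
    if [ -n "$(find "$dir" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
        echo "DELETE-RISK: $dir is writable by group or others"
        findings=1
    fi

    # Read permission on the key file lets any of those users copy it.
    f=$dir/secring.gpg
    if [ -e "$f" ] &&
       [ -n "$(find "$f" -prune \( -perm -0040 -o -perm -0004 \))" ]; then
        echo "LEAK-RISK: $f is readable by group or others"
        findings=1
    fi

    return $findings
}

# Run against a directory given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_gpg_home "$1"
fi
```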

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users