Hello Daniel,

> Do you want to require multiple people to come together to use that
> secret key?  or do you want them each to have the ability to use the key
> independently from each other?

The objective is to require multiple people to use that secret key. Yes.

> The answer about what to do would depend on how you want the key to be
> used.

Basically this key would be a part of the encryption group of all the other
credentials. And to be the only key to encrypt extremely sensitive data.

> It's not clear to me that we have a functional workflow to support the
> first scenario (where multiple people must come together to use the
> secret key) without a lot of overhead for the users.

> My understanding is that the Tails community does something like this,
> but they are a highly-technical group who are willing to custom-build
> their own tools and to endure quite a bit of tedious and inconvenient
> process to protect the safety of their users.

Do they have this documented somewhere?

> Consider that anyone who ever has access to the raw secret material of
> the shared key can effectively make a copy of it and then use it
> elsewhere in the future.

Yes, the key joining is a whole process on an offline machine with the presence
of all elements.

> If you can define your desired use cases more clearly, maybe someone on
> this list can propose an effective workflow for you.

I am open to any suggestions.

Thank you for your input!

-- 
Alfredo Palhares
GPG/PGP Key Fingerprint
68FC B06A 6C22 8B9B F110
38D6 E8F7 4D1F 0763 CAAD

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users