O, yes! I forgot about that :-( I understand SSSS as far as this goes.
Our company must decrypt ~100 files 7x24 in near real time. How can SSSS work - or any reasonable alternative - in such a production environment?

~ Mike

On Thu, Nov 10, 2016 at 9:07 AM, Kristian Fiskerstrand <kristian.fiskerstr...@sumptuouscapital.com> wrote:

> On 11/10/2016 03:50 PM, helices wrote:
> > So would I!
> >
> > At this point, our company must achieve PCI DSS compliance before year end,
> > and the road to that necessity leads through this auditor, who insists that
> > PGP satisfies all requirements.
> >
> > There is no explanation that he shares with us.
>
> I'd expect it to be a reference to the Shamir secret sharing scheme that I
> believe formed part of PGP at some point, but haven't really looked into
> PGP for a while. This would allow e.g. splitting the key in 5 parts and requiring 2
> or 3 at the same time to access it. For the automated system, presumably
> would require two administrators to set it up, and expectation that
> nobody willfully modify the application or read the full private key in
> memory for the regular operation, but at that point would hinder any one
> admin to have access to the full key to use outside of the system.
>
> --
> ----------------------------
> Kristian Fiskerstrand
> Blog: https://blog.sumptuouscapital.com
> Twitter: @krifisk
> ----------------------------
> Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
> ----------------------------
> Aut disce aut discede
> Either learn or leave
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users