Re: Corporate use of gnupg

by Texaskilt

I guess what we are wanting is for every mail user to have their own public/private key.  This way they can encrypt their own email on the corporate system.

In addition, every email would also be encrypted using the "corporate key" that would be in the hands of a select few (supposedly).

For example, the sales force can send encrypted mail to each other, but when a salesperson leaves the company, the Email Admin can retrieve and decrypt the email so that the salesperson's replacement can pick up their accounts without too much disruption.

Looks like this is ADK.  Is there any way to do this on gpg?

Thanks,

TK
David Shaw wrote:
On Wed, Feb 06, 2008 at 11:35:14AM -0800, Texaskilt wrote:
>
> Apologies if this has already been asked.  Honestly, I did my homework and
> looked in the archives!
>
> I am wanting to setup up users to use GnuPG for encrypting email, mainly for
> internal e-mail.
>
> Unfortunately, the "powers-that-be" want everyone that encrypts an email to
> also encrypt it to the "corporate secret key".  Their reasoning is that if a
> person leaves, they want to have access to the old emails in case there is a
> "business critical" email in there.

This is essentially the rationale behind the "ADK" (additional
decryption key) feature of PGP.

> Is there a way to "force" users to encrypt to a corporate key, in addition
> to the recipient's key?

It depends on how strong the term "force" is.  Even in PGP, the ADK
system can be circumvented if the person tries hard enough.

If you trust your employees to not hack you, then you can just stick a
an "encrypt-to (the keyid)" in everyone's gpg.conf file and give everyone
a copy of the corporate public key.

Note that this isn't safe because of the crypto math.  It's "safe"
because you can fire people that don't do it ;)

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
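One check an Email Admin could run over stored messages to confirm that the encrypt-to policy actually took effect: this Python example, added here and not part of the thread, parses the PKESK packets of an OpenPGP message (RFC 4880 packet layout) and lists the key IDs it is encrypted to. The sample message bytes and both key IDs are constructed, and the RSA session-key material is a dummy MPI, since only the packet headers matter for the check.

```python
PKESK_TAG = 1  # Public-Key Encrypted Session Key packet, one per recipient

def read_packets(data: bytes):
    """Yield (tag, body) per packet; old- and new-format headers, fixed lengths
    only (partial body lengths never occur in PKESK packets)."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        i += 1
        if ctb & 0x40:  # new-format header
            tag, first = ctb & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header: length-type in the low two bits
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            n = 0 if ltype == 3 else 1 << ltype  # type 3 = runs to end of data
            length = len(data) - i if ltype == 3 else int.from_bytes(data[i:i + n], "big")
            i += n
        yield tag, data[i:i + length]
        i += length

def encrypted_to(msg: bytes) -> list:
    """Recipient key IDs (hex) from every v3 PKESK. An all-zero ID is a hidden
    recipient (gpg --throw-keyids), which this check cannot attribute."""
    return [body[1:9].hex().upper() for tag, body in read_packets(msg)
            if tag == PKESK_TAG and body[0] == 3]

def check_corporate_key(msg: bytes, corporate_keyid: str) -> bool:
    """True if the message carries a session key for the corporate key ID."""
    return corporate_keyid.upper() in encrypted_to(msg)

def pkesk(keyid_hex: str) -> bytes:
    """Constructed v3 PKESK (RSA, algo 1, dummy 8-bit MPI) for the sample below."""
    body = b"\x03" + bytes.fromhex(keyid_hex) + b"\x01" + b"\x00\x08\xab"
    return bytes([0xC0 | PKESK_TAG, len(body)]) + body

# Constructed sample: encrypted to a recipient and to the "corporate" key, then a
# stub SEIPD packet (tag 18) standing in for the ciphertext itself.
SAMPLE = pkesk("0123456789ABCDEF") + pkesk("FEDCBA9876543210") + bytes([0xD2, 1, 1])
```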