Date:      Thu, 16 Jun 2005 19:42:05 +0200
From:      Roland Smith <rsmith@xs4all.nl>
To:        Tony Shadwick <tshadwick@goinet.com>
Cc:        Dan Nelson <dnelson@allantgroup.com>, freebsd-questions@freebsd.org
Subject:   Re: GnuPG in the enterprise
Message-ID:  <20050616174205.GC44491@slackbox.xs4all.nl>
In-Reply-To: <20050616111512.L30082@mail.goinet.com>
References:  <20050615180436.Q30082@mail.goinet.com> <20050616031022.GA14991@dan.emsphone.com> <20050616111512.L30082@mail.goinet.com>

On Thu, Jun 16, 2005 at 11:19:19AM -0500, Tony Shadwick wrote:
> Just so I'm following then, let's say I have gnupg installed on my server,
> and I'm creating all of my employees' secret keys there, then installing
> gnupg on their workstations so that they can use local mail clients to
> encrypt.
>
> What's to prevent them from changing their secret key passphrase or
> revoking the key themselves and creating a new public key, then publishing
> that to the keyservers? (Other than knowing enough about gnupg in the
> first place to do any of this of course...)

Change the ownership of the files in the .gnupg directory. Make them
owned by user root and the user's individual group. Chmod gpg.conf and
secring.gpg to 440. The other files can be 460.

> Not to mention I've always wondered how gnupg plays with multiple
> recipients or internal company mailing lists.  For example if I send a
> message to VIP1, VIP2, and VIP3, and it is an important internal document
> that requires encryption, when I encrypt the message, won't it get
> encrypted with VIP1's public key, thus VIP2 and VIP3 won't be able to open
> the message?

Set up a named group in the keyring, that contains all the users in the
mailing list. Or use pgpewrap, it comes with mutt, I think.

Roland
-- 
R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text.
public key: http://www.xs4all.nl/~rsmith/pubkey.txt
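
The permission scheme and the named recipient group from Roland's reply, as an added shell example that is not part of the thread: it builds a throwaway GnuPG home with constructed empty keyring files, appends a `group` line to gpg.conf, applies the 440/460 modes, and checks that the two sensitive files carry no write bit. The root ownership step is left to the admin (chown needs root); the directory, file names and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): apply the permission scheme and the
# named recipient group from the reply to a GnuPG home directory, and check it.
# Ownership (root : the user's own group) is not set here, since chown needs root.

# Permission string of a file, e.g. "r--r-----" (portable across BSD/Linux ls).
file_mode() {
    ls -ld "$1" | cut -c2-10
}

# Create a throwaway GnuPG home with constructed (empty) keyring files.
make_demo_gnupg_home() {
    dir=$(mktemp -d) || return 1
    for f in gpg.conf secring.gpg pubring.gpg trustdb.gpg; do
        : > "$dir/$f"
        chmod 600 "$dir/$f"       # what gpg itself creates by default
    done
    printf '%s\n' "$dir"
}

# GnuPG "group" option: "gpg -r vips" then expands to every listed key.
# Must run before locking, because gpg.conf becomes read-only afterwards.
add_recipient_group() {
    dir=$1; name=$2; shift 2
    printf 'group %s=%s\n' "$name" "$*" >> "$dir/gpg.conf"
}

# The scheme from the reply: 440 on gpg.conf and secring.gpg (no in-place
# edits by the group), 460 on the rest so gpg can still update pubring/trustdb.
lock_gnupg_home() {
    dir=$1
    chmod 440 "$dir/gpg.conf" "$dir/secring.gpg"
    for f in "$dir"/*; do
        case ${f##*/} in
            gpg.conf|secring.gpg) ;;
            *) chmod 460 "$f" ;;
        esac
    done
}

# Check: 0 if neither gpg.conf nor secring.gpg carries any write bit, else 1.
check_key_files_readonly() {
    dir=$1
    for f in gpg.conf secring.gpg; do
        case $(file_mode "$dir/$f") in
            *w*) return 1 ;;
        esac
    done
    return 0
}
```

The mode bits only block in-place edits; the group keeps read access to secring.gpg because gpg needs it to use the key.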
