Date: Thu, 16 Jun 2005 19:42:05 +0200
From: Roland Smith
To: Tony Shadwick
Cc: Dan Nelson, freebsd-questions@freebsd.org
Subject: Re: GnuPG in the enterprise

On Thu, Jun 16, 2005 at 11:19:19AM -0500, Tony Shadwick wrote:
> Just so I'm following then, let's say I have gnupg installed on my server,
> and I'm creating all of my employees' secret keys there, then installing
> gnupg on their workstations so that they can use local mail clients to
> encrypt.
>
> What's to prevent them from changing their secret key passphrase or
> revoking the key themselves and creating a new public key, then publishing
> that to the keyservers?  (Other than knowing enough about gnupg in the
> first place to do any of this of course...)

Change the ownership of the files in the .gnupg directory. Make them
owned by user root and the user's individual group. Chmod gpg.conf and
secring.gpg to 440. The other files can be 460.

> Not to mention I've always wondered how gnupg plays with multiple
> recipients or internal company mailing lists.  For example if I send a
> message to VIP1, VIP2, and VIP3, and it is an important internal document
> that requires encryption, when I encrypt the message, won't it get
> encrypted with VIP1's public key, thus VIP2 and VIP3 won't be able to open
> the message?

Set up a named group in the keyring, that contains all the users in the
mailing list. Or use pgpewrap, it comes with mutt, I think.

Roland
-- 
R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text.
public key: http://www.xs4all.nl/~rsmith/pubkey.txt
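
The ownership and mode scheme from the reply above, as an added shell example that is not part of the original message: `lock_gnupg_dir` applies it and `audit_gnupg_dir` reports files that have drifted from it. The function names and the optional numeric owner argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message). Scheme from the reply:
# files owned by root with the user's own group; gpg.conf and secring.gpg
# mode 440, every other file 460. Function names are this example's own.

# Octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Numeric owner uid of a file.
file_uid() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# Mode the scheme assigns to a file, chosen by its name.
expected_mode() {
    case "$(basename "$1")" in
        gpg.conf|secring.gpg) echo 440 ;;
        *)                    echo 460 ;;
    esac
}

# lock_gnupg_dir DIR GROUP [UID]: apply the scheme (UID defaults to 0, root).
# Changing the owner to root requires running as root.
lock_gnupg_dir() {
    dir=$1; group=$2; uid=${3:-0}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        chown "$uid:$group" "$f" || return 1
        chmod "$(expected_mode "$f")" "$f" || return 1
    done
}

# audit_gnupg_dir DIR [UID]: print each deviation, return 1 if any exist.
audit_gnupg_dir() {
    dir=$1; uid=${2:-0}; bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        want=$(expected_mode "$f"); have=$(file_mode "$f")
        if [ "$have" != "$want" ]; then
            echo "MODE  $f: $have, expected $want"; bad=1
        fi
        own=$(file_uid "$f")
        if [ "$own" != "$uid" ]; then
            echo "OWNER $f: uid $own, expected $uid"; bad=1
        fi
    done
    return $bad
}
```

Run as root, for example `lock_gnupg_dir /home/USER/.gnupg GROUP` with the placeholders filled in. The audit covers only the files; a user who can write to the directory itself can still replace them, so check the directory's owner and mode as well.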