On Thu, Jun 16, 2005 at 11:19:19AM -0500, Tony Shadwick wrote:
> Just so I'm following then, let's say I have gnupg installed on my server, 
> and I'm creating all of my employee's secret keys there, then installing 
> gnupg on their workstations so that they can use local mail clients to 
> encrypt.
> 
> What's to prevent them from changing their secret key passphrase or 
> revoking the key themselves and creating a new public key, then publishing 
> that to the keyservers? (Other than knowing enough about gnupg in the 
> first place to do any of this, of course...)

Change the ownership of the files in the .gnupg directory. Make them
owned by user root and the user's individual group. Chmod gpg.conf and
secring.gpg to 440. The other files can be 460.

> Not to mention I've always wondered how gnupg plays with multiple 
> recipients or internal company mailing lists.  For example, if I send a 
> message to VIP1, VIP2, and VIP3, and it is an important internal document 
> that requires encryption, when I encrypt the message, won't it get 
> encrypted with VIP1's public key, thus VIP2 and VIP3 won't be able to open 
> the message?

Set up a named group in the keyring, that contains all the users in the
mailing list. Or use pgpewrap; it comes with mutt, I think.
 
Roland
-- 
R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text.
public key: http://www.xs4all.nl/~rsmith/pubkey.txt
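The two pieces of Roland's advice, laid out as an added example that is not part of the original thread: a gpg.conf carrying a named recipient group (the `group NAME=ID ID ...` line is the gpg.conf form of GnuPG's `--group` option), the 440 permissions on gpg.conf and secring.gpg, and a check that the lockdown took. The directory, the placeholder secring.gpg and the vip*@example.com addresses are constructed; chown to root only happens when the script itself runs as root.

```shell
#!/bin/sh
# Added example, not code from the original message. Builds a locked-down
# .gnupg layout in a directory you pass in, so it can run unprivileged.
set -eu

# Octal mode of a file, portably (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# gpg.conf declaring a named group: "-r vips" then encrypts to every member,
# which is what makes one message readable by VIP1, VIP2 and VIP3.
write_gpg_conf() {
    cat > "$1/gpg.conf" <<'EOF'
# addresses below are constructed examples
group vips=vip1@example.com vip2@example.com vip3@example.com
EOF
}

# Lock the directory down as described: config and secret keyring become
# read-only for owner and group (mode 440), owned by root and the given group.
lockdown_gnupg_dir() {
    dir=$1; grp=$2
    write_gpg_conf "$dir"
    : > "$dir/secring.gpg"   # placeholder; gpg itself creates the real keyring
    chmod 440 "$dir/gpg.conf" "$dir/secring.gpg"
    if [ "$(id -u)" -eq 0 ]; then
        chown "root:$grp" "$dir/gpg.conf" "$dir/secring.gpg"
    fi
}

# Verification: succeeds only when both files carry mode 440.
check_lockdown() {
    [ "$(file_mode "$1/gpg.conf")" = "440" ] &&
    [ "$(file_mode "$1/secring.gpg")" = "440" ]
}

# List the members of a named group from gpg.conf, one per line.
group_members() {
    sed -n "s/^group $2=//p" "$1/gpg.conf" | tr ' ' '\n'
}
```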
