We have decided to decrypt using a "special" user and re-encrypt the
file to multiple users. Our concern is that unless we want to do this
manually it has to be scripted and that will require the "special"
user's passphrase to live in the script or on a server in plaintext. No
one in IS wants to add this to their daily responsibilities and we
really should not have access to the data anyway as it is meant for our
finance department.

David Shaw wrote:
On Fri, Aug 18, 2006 at 02:34:57PM -0500, Brian Rosenvinge wrote:

A vendor will be encrypting files for us and making them available via
FTP. We have three users that will decrypt the files at different
times. The vendor will not accept more than one key from us and we
wanted each of our users to have their own key for security and auditing
purposes down the line.

OpenPGP doesn't work that way. You can either give the single key to
each user, or have one "special" user decrypt the message and
then re-encrypt it to multiple users.

David
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
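
The decrypt-and-re-encrypt approach discussed in the thread above, as an added example that is not part of the original messages: the plaintext is piped from one gpg process to the next and never written to disk. It assumes gpg can use the "special" key without prompting and that each recipient's public key is already in the keyring and valid; key IDs and file names are placeholders, and the question of where the passphrase lives is not solved here.

```shell
#!/bin/sh
# Added example: re-encrypt a vendor file to several recipients without
# writing the plaintext to disk. Key IDs and file names are placeholders.

reencrypt() {
    # usage: reencrypt INPUT.gpg OUTPUT.gpg RECIPIENT [RECIPIENT...]
    [ "$#" -ge 3 ] || { echo "usage: reencrypt IN OUT RECIPIENT..." >&2; return 2; }
    src=$1
    dst=$2
    shift 2

    # Replace the positional parameters with "--recipient ID" pairs.
    n=$#
    for r in "$@"; do set -- "$@" --recipient "$r"; done
    shift "$n"

    tmp="$dst.tmp.$$"
    # A plain pipeline only reports the status of its last command, so the
    # decrypt status is passed out on fd 3 and captured separately.
    dec_status=$(
        { { gpg --batch --decrypt "$src"; echo "$?" >&3; } |
            gpg --batch --output "$tmp" "$@" --encrypt >/dev/null; } 3>&1
    ) && enc_status=0 || enc_status=$?

    if [ "$dec_status" = 0 ] && [ "$enc_status" = 0 ]; then
        # Publish the output only when both halves succeeded.
        mv -f "$tmp" "$dst"
    else
        rm -f "$tmp"
        echo "reencrypt: decrypt=$dec_status encrypt=$enc_status" >&2
        return 1
    fi
}

# Run only when arguments are given, e.g.:
#   sh reencrypt.sh vendor.gpg finance.gpg user1@example.com user2@example.com
if [ "$#" -ge 3 ]; then
    reencrypt "$@"
fi
```

Each recipient can then decrypt the output with their own key, and a failed decrypt leaves no partial output file behind.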