X-No-Archive: Yes
Hi, I recently read PGP Enterprise doc and found the concept of Additional Decryption Keys ADK. What are Additional Decryption Keys? According to the doc, An Additional Decryption Key (ADK) is a data recovery tool. This allows the owner(s) of the Additional Decryption Key to decrypt any information sent to the user. In my opinion, this is powerful security tool in situations where an employee is injured, incapacitated, or terminated, leaving valuable information encrypted. If the security policy requires to enforce use of an ADK in PKI environment and any information encrypted to a user�s key is also encrypted with the Additional Decryption Key (public key). How to implement ADK and force its usage in an OpenSSL environment, when a CA for example issue an PKCS12 for end-users? Could "-certfile filename" option of pkcs12 command lead to the same concept of ADK? Regards -- Ed. Acc�dez au courrier �lectronique de La Poste : www.laposte.net ; 3615 LAPOSTENET (0,34�/mn) ; t�l : 08 92 68 13 50 (0,34�/mn) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
