ed.edward wrote:
Hi,

I recently read the PGP Enterprise doc and found the concept of Additional Decryption Keys (ADK).

What are Additional Decryption Keys? According to the doc, an Additional Decryption Key (ADK) is a data recovery tool. This allows the owner(s) of the Additional Decryption Key to decrypt any information sent to the user.

In my opinion, this is a powerful security tool in situations where an employee is injured, incapacitated, or terminated, leaving valuable information encrypted.

If the security policy requires enforcing the use of an ADK in a PKI environment, any information encrypted to a user's key is also encrypted with the Additional Decryption Key (public key).

How does one implement ADK and force its usage in an OpenSSL environment, when a CA, for example, issues a PKCS12 for end-users?
I'd read the standards (PKCS-12 and related) and implement the functions wanted according to the specifications. It might be a do-and-try process in case it's not quite clear exactly what new functions you'd like to have.

In case you'd like some help: I'm interested in a short-term project, a paid one. Affordable.
Could the "-certfile filename" option of the pkcs12 command lead to the same concept of ADK?

pkcs12 was designed to put certificates (and keys) into PKCS-12 bags.
Regards,
Vadym
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
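The thread asks two things: how the ADK idea (every message for a user is also encrypted to a recovery key) maps onto OpenSSL, and whether `pkcs12 -certfile` does it. The script below is an added example, not code from either poster or from the OpenSSL project. It emulates an ADK with `openssl cms` by encrypting to two recipient certificates, shows that either private key recovers the same plaintext while an unrelated key cannot, and then shows that `-certfile` merely bundles the ADK certificate into the PKCS#12 file without forcing anyone to encrypt to it. The identities (`user`, `adk`, `unrelated`), the password `demo` and the message text are all constructed for the example; enforcing the policy (rejecting messages that lack the ADK recipient) is something the sending application or gateway has to do, the command line tools only supply the mechanism.

```shell
#!/bin/sh
# Added example (not from the thread): emulate an OpenPGP-style ADK with
# OpenSSL CMS. Everything encrypted to the user is also encrypted to the
# ADK certificate, so the ADK holder can recover it. Names are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_identity NAME: self-signed RSA key and certificate for a constructed identity
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# encrypt_to_user_and_adk INFILE OUTFILE: the policy from the thread, the
# ciphertext carries a RecipientInfo for the user AND for the ADK key.
encrypt_to_user_and_adk() {
    openssl cms -encrypt -aes256 -binary -in "$1" -out "$2" \
        "$WORK/user.crt" "$WORK/adk.crt"
}

# decrypt_as NAME CMSFILE: prints the plaintext recovered with NAME's private key
decrypt_as() {
    openssl cms -decrypt -in "$2" -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

# bundle_user_p12 OUTFILE: what "pkcs12 -certfile" actually does, it stores the
# ADK certificate next to the user's key and cert; nothing here forces its use.
bundle_user_p12() {
    openssl pkcs12 -export -inkey "$WORK/user.key" -in "$WORK/user.crt" \
        -certfile "$WORK/adk.crt" -passout pass:demo -out "$1"
}

# count_p12_certs P12FILE: number of certificates carried in the PKCS#12 file
count_p12_certs() {
    openssl pkcs12 -in "$1" -passin pass:demo -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

make_identity user
make_identity adk
make_identity unrelated            # a key that is NOT a recipient

printf 'quarterly figures\n' > "$WORK/msg.txt"   # constructed sample message
encrypt_to_user_and_adk "$WORK/msg.txt" "$WORK/msg.cms"
bundle_user_p12 "$WORK/user.p12"

echo "user decrypts:      $(decrypt_as user "$WORK/msg.cms")"
echo "adk decrypts:       $(decrypt_as adk "$WORK/msg.cms")"
if decrypt_as unrelated "$WORK/msg.cms" >/dev/null; then
    echo "unrelated key decrypted, this should not happen"
else
    echo "unrelated key:      cannot decrypt (expected)"
fi
echo "certs in user.p12:  $(count_p12_certs "$WORK/user.p12") (key + user cert + ADK cert bundled only)"
```

Run it as `sh adk_demo.sh` with the `openssl` binary on the path. The decryption side works with any recipient's key because CMS EnvelopedData wraps the one content-encryption key separately for each recipient; that is the whole ADK mechanism. The PKCS#12 part answers the `-certfile` question: the extra certificate is distributed with the user's credentials, which helps clients find the ADK public key, but the "also encrypt to ADK" rule has to live in policy or in the sending software.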