multiple users with the same private key
w***@gmail.com
2008-04-15 11:14:43 UTC
Hi

I have a key pair that many users need to be able to use for
encryption and decryption. The key will have a generic email
address. The machines will have their own installations of pgp. If
one user generates a key pair, and then distributes the public and
private key to the other users (securely), can the other users set a
different passphrase to protect the private key?
Neil - Salem, MA USA
2008-04-15 13:23:22 UTC
Post by w***@gmail.com
Hi
I have a key pair that many users need to be able to use for
encryption and decryption. The key will have a generic email
address. The machines will have their own installations of pgp. If
one user generates a key pair, and then distributes the public and
private key to the other users (securely), can the other users set a
different passphrase to protect the private key?

Yes, I believe that should be possible. Of course, if the original key pair
has a passphrase, you will need to tell those to whom you distribute the key
pair what it is. In order to change a passphrase, one must enter the old
passphrase.

I'm sure I don't have to remind you that when a key pair is distributed like
this, your security is essentially gone. Any one of the recipients could
reveal the private key to others who should not have it.

Neil - Salem, MA USA
Dave English
2008-04-15 14:15:03 UTC
Post by Neil - Salem, MA USA
Post by w***@gmail.com
Hi
I have a key pair that many users need to be able to use for
encryption and decryption. The key will have a generic email
address. The machines will have their own installations of pgp. If
one user generates a key pair, and then distributes the public and
private key to the other users (securely), can the other users set a
different passphrase to protect the private key?
Yes, I believe that should be possible. Of course, if the original key pair
has a passphrase, you will need to tell those to whom you distribute the key
pair what it is. In order to change a passphrase, one must enter the old
passphrase.
I'm sure I don't have to remind you that when a key pair is distributed like
this, your security is essentially gone. Any one of the recipients could
reveal the private key to others who should not have it.

Might it not be better if each user had their own encryption key & then
the plaintext is encrypted to multiple keys?

That should be easier to control & eliminates the need for secure key
distribution (& redistribution on membership change)

Regards
--
Dave English Senior Software & Systems Engineer
Internet Platform Development, Thus plc
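
Added example, not part of any post in this thread: the per-user-key approach suggested above, sketched with GnuPG 2.1+ (an assumption; the thread's machines run PGP). The names, addresses and message are constructed, and the keys are unprotected throwaway keys in temporary keyrings.

```shell
#!/usr/bin/env bash
# Added example: constructed identities, throwaway keyrings under a temp dir.
# Assumes GnuPG 2.1+ as the OpenPGP implementation.

g() {  # g <home> <gpg args...>: run gpg against one user's own keyring
  local home=$1; shift
  gpg --homedir "$home" --batch --quiet --no-tty --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@"
}

multi_recipient_demo() {
  local root u result=""
  root=$(mktemp -d) || return 1
  for u in alice bob carol sender; do
    mkdir -m 700 "$root/$u"
  done
  # Each user generates a key pair locally; the private key never leaves its keyring.
  for u in alice bob carol; do
    g "$root/$u" --quick-generate-key "$u@example.invalid" default default never 2>/dev/null
    # Only the public half is handed to the sender.
    g "$root/$u" --export "$u@example.invalid" | g "$root/sender" --import 2>/dev/null
  done
  printf 'quarterly figures\n' > "$root/msg.txt"
  # One ciphertext; the session key is wrapped once per current group member.
  # Carol is not in the group, so she is simply not listed as a recipient.
  g "$root/sender" -r alice@example.invalid -r bob@example.invalid \
      -o "$root/msg.gpg" --encrypt "$root/msg.txt"
  for u in alice bob carol; do
    if [ "$(g "$root/$u" --decrypt "$root/msg.gpg" 2>/dev/null)" = "quarterly figures" ]; then
      result="$result$u=ok "
    else
      result="$result$u=denied "
    fi
    gpgconf --homedir "$root/$u" --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$root"
  printf '%s\n' "${result% }"
}

multi_recipient_demo   # prints: alice=ok bob=ok carol=denied
```

A membership change only alters the `-r` list used for future messages; no private key has to be redistributed.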
David E. Ross
2008-04-16 00:32:22 UTC
Post by w***@gmail.com
Hi
I have a key pair that many users need to be able to use for
encryption and decryption. The key will have a generic email
address. The machines will have their own installations of pgp. If
one user generates a key pair, and then distributes the public and
private key to the other users (securely), can the other users set a
different passphrase to protect the private key?

Is your concern that your organization might need to decrypt an
organizational file when the person who encrypted it is not available?
Then you should consider a commercial (fee) version of PGP with the ADK
capability. For information about the ADK capability, see my
<http://www.rossde.com/PGP/pgp-adk.html>.

If this is indeed an organization, use of a non-commercial (free)
version of PGP -- which doesn't have the ADK capability -- might be
illegal.
--
David Ross
<http://www.rossde.com/>

Have you been using Netscape and now feel abandoned by AOL?
Then use SeaMonkey. Go to <http://www.seamonkey-project.org/>.