2005 OLS is this week!

Richard Esplin richjunk1 at byu.net
Mon Jul 18 23:30:32 MDT 2005


I've been thinking about the concept of encrypting information with multiple 
public keys. It seems that to decrypt this information it would require the 
use the private keys paired with all the public keys used during encryption. 
Though that would be desirable behavior in certain situations, it does not 
seem to be useful in this specific application. Can someone offer a 
clarification?

I see a lot of benefit to being able to encrypt information that is 
decryptable by multiple parties without them jointly sharing a secret, but I 
can not see how this would be possible. I have read some of the documentation 
about GnuPG and haven't found any mention of this functionality. I even 
skimmed the RFC. Would someone explain it to me?

I read about subkeys, but it appears from the documentation that subkeys are 
used mostly to allow revocation without losing trust signatures on the 
primary key. Can a primary key decrypt items encrypted with a subkey? How 
could that be possible?

Thanks in advance for any clarifications or helpful URLs offered.

Richard Esplin

On Monday 18 July 2005 16:11, Chris Carey wrote:
<snip>
> GnuPG-key encrypted means that a filesystem key (which
> is just a long line
> of random characters) is encrypted with GnuPG,
> possibly with more than one
> person's public key
<snip>
> An employee can change his GnuPG
> passphrase at any time, get hit by a bus, and drop
> dead. Corporate IT
> department dudes can still use their private key to
> mount the partition.
<snip>



More information about the PLUG mailing list