tags:

views:

45

answers:

1
+3  Q: 

PGP passphrases in company

Friend of mine wanted introduce in his company emails PGP encryption for exchange mails with clients. He asked me to write easy app supporting that. I found useful dll wrapper - so it seems to be not very big deal to write app.

What puzzles me is security aspect. (I dont want to push him on the mine)
I know PGP uses private/public keys combination. It uses also passphrase to encrypt private key.
This is clear

But what if one of co-workers change passphrase before leave company?
Does it mean that firm will be not able to open archive mails with communication to clients?
(Sounds like best way to blackmail, vengeance etc...)

Assumption: all users' keys (pub + prv) are stored on users (network) home drive and backuped.
1st generated key's password is stored in envelope in safe box. So keys can be restored - but (I guess) keys can be useless when you dont know current password used for private key encryption?
(Correct me if I'm wrong!)

I wonder how you archive it! What's your experience?

+2  A: 

The encrypted private key is a blob. PGP usually stores it in a "keyring", which is a data structure of its own, but nothing prevents you from having a copy of that blob somewhere else (e.g. on a CDROM stored in a safe). This is generically known as "key escrow": a backup copy of the key, to be used if the key holder becomes unavailable (this includes "he was fired" but also "he was hit by a bus").

A user changing his passphrase would reencrypt his private key (the same private key) with his new passphrase, but the escrowed copy would be unaffected, and since this is the same private key, the situation can be recovered from.

What you need, however, is a company policy which enforces key pair generation through the escrowing system. A basic escrowing system consists of a system administrator with a PC: the sysadmin creates the key pair, stores a copy in the company safe, and hands the key pair to the user (e.g. on a USB stick). The user then imports it in his own keyring, with whatever passphrase he sees fit. The important point is that no employee shall ever use a key which has not been generated in such a way.

For digital signatures, situation is different: no data is lost if the private key becomes unavailable, and previously issued signatures are still valid and can still be verified. Normally, digital signature keys are not escrowed.

Thomas Pornin  2010-02-24 15:57:43

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security