On 01/05/2018 10:13 AM, Andrew Gallagher wrote:
>
>> On 5 Jan 2018, at 08:41, Lou Wynn <lewis...@gmail.com> wrote:
>>
>> The only need for an
>> organization to access their data is decrypting the encrypted data,
>> which is satisfied by the auditing key.
>
> The standard way of doing this without allowing for impersonation is escrow
> of the encryption subkey only. This can be done by encrypting the E subkey to
> the auditing key, the private key of which is presumably well controlled.
The issue with that is that as long as the employee has the private key for the primary, the individual can create new subkeys, and the primary will always have signing capability (even if it is not always specified as a usage flag). In most setups the employee won't need/shouldn't have the private key info for the primary, for this (and a few other) reasons.

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"The journey of a thousand miles begins with one step."
(Lao Tzu)
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
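The setup discussed in this thread, as an added worked example that is not part of the original messages and not code from the GnuPG project: the E subkey alone is escrowed (encrypted to the auditing key), and the employee is issued a keyring in which the primary secret key is only a stub, so they cannot mint new subkeys or sign as the primary. It assumes GnuPG 2.1 or later on PATH; the user IDs, the temporary homedirs and the plaintext are constructed for the demo.

```sh
#!/bin/sh
# Added example, not code from the thread or from GnuPG. Assumes GnuPG 2.1+ on PATH.
# User IDs, homedirs and the plaintext below are constructed for the demo.
set -eu

# gpg in unattended mode; $1 is the homedir, the remaining args go to gpg.
gpgb() {
    h=$1; shift
    gpg --homedir "$h" --batch --yes --quiet --pinentry-mode loopback \
        --passphrase '' --trust-model always "$@"
}

# Fingerprint of the primary key for user ID $2 in homedir $1.
primary_fpr() {
    gpg --homedir "$1" --batch --with-colons --list-keys "$2" 2>/dev/null |
        awk -F: '$1=="fpr"{print $10; exit}'
}

# Fingerprint of the first secret subkey with capability $2 (e.g. "e") for user ID $3 in homedir $1.
subkey_fpr() {
    gpg --homedir "$1" --batch --with-colons --with-fingerprint \
        --with-subkey-fingerprint --list-secret-keys "$3" 2>/dev/null |
        awk -F: -v want="$2" '$1=="sec"{cap=""} $1=="ssb"{cap=$12}
                              $1=="fpr" && index(cap,want){print $10; exit}'
}

# True when the secret-key listing marks the primary of $2 in homedir $1 as a stub
# ("#" in field 15 of the sec record), i.e. only the subkeys are usable there.
primary_is_stub() {
    gpg --homedir "$1" --batch --with-colons --list-secret-keys "$2" 2>/dev/null |
        awk -F: '$1=="sec"{seen=1; if ($15=="#") stub=1} END{exit !(seen && stub)}'
}

# Runs the whole flow; prints "ok" on success, "skipped" when gpg is not installed.
escrow_demo() {
    command -v gpg >/dev/null 2>&1 || { echo skipped; return 0; }
    work=$(mktemp -d); org="$work/org"; emp="$work/emp"; audit="$work/audit"
    mkdir -m 700 "$org" "$emp" "$audit"
    trap 'for d in "$org" "$emp" "$audit"; do gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true; done; rm -rf "$work"' EXIT
    auditor='Auditor <audit@example.com>'; employee='Employee <employee@example.com>'

    # 1. Keys. The auditing key lives only in the auditor's homedir. The employee key is
    #    generated centrally ($org) so the primary secret key never reaches the employee.
    gpgb "$audit" --quick-gen-key "$auditor" default default never
    gpgb "$org"   --quick-gen-key "$employee" default default never
    gpg --homedir "$audit" --batch --export "$auditor" | gpgb "$org" --import
    pfpr=$(primary_fpr "$org" "$employee"); efpr=$(subkey_fpr "$org" e "$employee")
    [ -n "$pfpr" ] && [ -n "$efpr" ] || return 1

    # 2. Escrow only the encryption subkey: the "!" suffix selects exactly that key
    #    (the primary is written out as a stub); the export is encrypted to the auditing key.
    gpgb "$org" --output "$work/e.key" --export-secret-subkeys "$efpr!"
    gpgb "$org" --recipient "$auditor" --output "$work/escrow.gpg" --encrypt "$work/e.key"
    rm -f "$work/e.key"

    # 3. What the employee gets: every secret subkey plus a stub primary, never the primary.
    gpgb "$org" --export-secret-subkeys "$employee" | gpgb "$emp" --import
    primary_is_stub "$emp" "$employee" || return 1
    # Without the primary the employee cannot mint new subkeys (the binding signature
    # needs it), so the escrow of the E subkey cannot be sidestepped with a fresh one.
    if gpgb "$emp" --quick-add-key "$pfpr" default sign never 2>/dev/null; then return 1; fi

    # 4. Recovery: the auditor decrypts the escrowed subkey, imports it, and can read a
    #    message encrypted to the employee; signing or certifying as the employee stays impossible.
    printf 'quarterly numbers\n' |
        gpgb "$org" --recipient "$employee" --output "$work/msg.gpg" --encrypt
    gpgb "$audit" --output "$work/escrow.key" --decrypt "$work/escrow.gpg"
    gpgb "$audit" --import "$work/escrow.key"
    [ "$(gpgb "$audit" --decrypt "$work/msg.gpg")" = 'quarterly numbers' ] || return 1
    echo ok
}

DEMO_RESULT=$(escrow_demo)
echo "escrow demo: $DEMO_RESULT"
```

Run it with sh; it ends with "escrow demo: ok". The check in step 3 is the one worth keeping in a real deployment: `gpg --list-secret-keys` on the employee's machine must show `sec#` (stub primary), and `--quick-add-key` against that keyring must fail, otherwise the employee holds the primary and the E-subkey escrow can be bypassed exactly as described in the reply above.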