On 11/10/2016 03:50 PM, helices wrote:
> So would I!
>
> At this point, our company must achieve PCI DSS compliance before year end,
> and the road to that necessity leads through this auditor, who insists that
> PGP satisfies all requirements.
>
> There is no explanation that he shares with us.
I'd expect it to be a reference to the Shamir secret sharing scheme, which I believe formed part of PGP at some point, but I haven't really looked into PGP for a while. This would allow e.g. splitting a key into 5 parts and requiring 2 or 3 of them at the same time to access it. For the automated system, this would presumably require two administrators to set it up, and the expectation that nobody willfully modifies the application or reads the full private key in memory during regular operation, but at that point it would hinder any one admin from having access to the full key to use outside of the system.

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Aut disce aut discede
Either learn or leave
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
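The k-of-n split described in the reply above, as an added example that is not part of the original thread or of any PGP implementation: a minimal Shamir secret sharing over a prime field, with the secret as the constant term of a random polynomial and Lagrange interpolation at x = 0 to recover it. The field prime, share indices, and the injectable `randbelow` parameter are choices made for this example.

```python
import secrets

# Mersenne prime 2^521 - 1 (assumption for this example): a 256-bit key or
# similar secret fits in a single field element without chunking.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x, p):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[d]*x^d mod p (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret: bytes, k: int, n: int, p: int = PRIME,
                 randbelow=secrets.randbelow):
    """Split `secret` into n shares so that any k of them reconstruct it.

    The secret is the constant term of a random degree-(k-1) polynomial
    over GF(p); share i is the point (i, f(i)). `randbelow` is injectable
    only so the example can be tested deterministically; keep the default
    (the `secrets` module, a CSPRNG) for real use.
    """
    s = int.from_bytes(secret, "big")
    if not 1 <= k <= n < p or s >= p:
        raise ValueError("need 1 <= k <= n < p and secret < p")
    coeffs = [s] + [randbelow(p) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def recover_secret(shares, length: int, p: int = PRIME) -> bytes:
    """Lagrange-interpolate f(0) from at least k distinct (x, y) shares.

    Fewer than k shares still produce *some* value, but it is the constant
    term of the wrong polynomial and looks just as plausible as the real
    secret, so the caller must know the threshold it is working with.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    s = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % p          # product of (0 - xj)
                den = (den * (xi - xj)) % p    # product of (xi - xj)
        s = (s + yi * num * pow(den, -1, p)) % p
    return s.to_bytes(length, "big")
```

Each share is a point on the polynomial, so the share index x must be stored alongside y; without it the share cannot be used in the interpolation.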