Trusted Revoker... and Key Server - PGP


  1. Trusted Revoker... and Key Server

    I'm currently using GnuPG and GPGShell.
    We are planning to implement this solution in our organisation to secure
    our data.

    I have run into the following two problems...

    1. How do I add a trusted revoker like in MIT PGP?
    e.g. Every employee has his own key pair. All the public keys are
    stored in a company key server. But now suppose the employee leaves;
    then the administrator should be a trusted revoker to revoke his key
    from the database. How can this be implemented?

    2. Also, can you tell me some software which will allow me to set up my own
    key server? I have tried MIT "PGP Certificate Server". Is it possible
    for the admin of the key server to manually remove any keys which are
    not currently being used (old keys)?


    Also are there any other better solutions which can help me to secure


  2. Re: Trusted Revoker... and Key Server

    daylebo5@gmail.com wrote:
    > I'm currently using GnuPG and GPGShell.
    > We are planning to implement this solution in our organisation to secure
    > our data.
    >
    > I have run into the following two problems...
    >
    > 1. How do I add a trusted revoker like in MIT PGP?
    > e.g. Every employee has his own key pair. All the public keys are
    > stored in a company key server. But now suppose the employee leaves;
    > then the administrator should be a trusted revoker to revoke his key
    > from the database. How can this be implemented?


    Using GnuPG, type
    gpg --edit (thekey)
    addrevoker

    I don't know, but wouldn't be surprised, if GPGShell has some point
    and click way to do that.

    > 2. Also, can you tell me some software which will allow me to set up my own
    > key server? I have tried MIT "PGP Certificate Server". Is it possible
    > for the admin of the key server to manually remove any keys which are
    > not currently being used (old keys)?


    It depends on what you want the keyserver for. Two different ways to
    go about it are SKS (http://www.nongnu.org/sks/), and LDAP (regular
    OpenLDAP from www.openldap.org).

    David

  3. Re: Trusted Revoker... and Key Server

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256


    David Shaw wrote:

    > Using GnuPG, type
    > gpg --edit (thekey)
    > addrevoker
    >
    > I don't know, but wouldn't be surprised, if GPGShell has some point
    > and click way to do that.


    not yet

    gpgshell 3.44 has a point and click interface for the gpg -edit function,
    by opening gpgkeys, and clicking on CLI

    the drop-down menu offers the following functions for gpg -edit:
    adduid
    disable
    enable
    expire
    pref
    showpref
    trust

    showphoto is also a point and click from keymanager

    winpt (0.9.93) allows for the following gpg -edit choices:

    adduid
    addphoto
    addrevoker
    deluid
    delkey
    delphoto
    expire
    showpref
    passwd
    primary
    trust
    revuid
    revkey
    disable
    enable
    showphoto

    vedaal

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.1 (MingW32) - WinPT 0.9.93-cvs
    Comment: Acts of Kindness better the World, and protect the Soul

    -----END PGP SIGNATURE-----
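
Added example, not part of any post in this thread: once employee keys carry the administrator as designated revoker (the `addrevoker` step David describes), the keyring can be audited for keys that still lack it by reading the `rvk` records in `gpg --list-keys --with-colons --fingerprint` output. The listing, fingerprints, names and function names below are constructed for this example.

```python
"""Audit a GnuPG colon listing for keys lacking the required designated revoker."""

# Placeholder fingerprints (constructed, not real keys).
ADMIN_FPR = "A" * 40   # assumed: the administrator's key
ALICE_FPR = "1" * 40
BOB_FPR = "3" * 40

# Constructed sample in `gpg --with-colons` format; every value is made up.
SAMPLE_LISTING = """\
pub:u:2048:1:1111111111111111:1120000000:::u:::scESC:
rvk:::1::::::{admin}:80:
fpr:::::::::{alice}:
uid:u::::1120000000::0000000000000001::Alice Example <alice@example.invalid>:
sub:u:2048:1:2222222222222222:1120000000::::::e:
fpr:::::::::2222222222222222222222222222222222222222:
pub:u:2048:1:3333333333333333:1120000000:::u:::scESC:
fpr:::::::::{bob}:
uid:u::::1120000000::0000000000000002::Bob Example <bob@example.invalid>:
pub:u:2048:1:AAAAAAAAAAAAAAAA:1120000000:::u:::scESC:
fpr:::::::::{admin}:
uid:u::::1120000000::0000000000000003::Key Admin <keyadmin@example.invalid>:
""".format(admin=ADMIN_FPR, alice=ALICE_FPR, bob=BOB_FPR)


def parse_keys(listing):
    """Return one dict per primary key: fingerprint, first uid, revokers."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":                      # start of a new key block
            keys.append({"fpr": None, "uid": None, "revokers": {}, "primary": True})
        elif not keys or len(f) < 10:
            continue                           # stray or truncated record
        elif f[0] == "sub":                    # later fpr records belong to subkeys
            keys[-1]["primary"] = False
        elif f[0] == "fpr" and keys[-1]["primary"] and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9].upper()
        elif f[0] == "uid" and keys[-1]["uid"] is None:
            keys[-1]["uid"] = f[9]
        elif f[0] == "rvk":                    # field 10: revoker fpr, field 11: class
            keys[-1]["revokers"][f[9].upper()] = f[10] if len(f) > 10 else ""
    return keys


def missing_revoker(listing, required_fpr):
    """List (fingerprint, uid) of keys that do not name required_fpr as revoker."""
    required = required_fpr.upper()
    return [(k["fpr"], k["uid"]) for k in parse_keys(listing)
            if k["fpr"] != required and required not in k["revokers"]]


if __name__ == "__main__":
    for fpr, uid in missing_revoker(SAMPLE_LISTING, ADMIN_FPR):
        print("no admin revoker:", fpr, uid)
```

To audit a real keyring, pass the captured output of the listing command in place of `SAMPLE_LISTING`.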

