EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Adding an additional decryption key

#14756
Posted: 10/22/2010 06:18:37
by Anthony Graham (Standard support level)
Joined: 10/20/2010
Posts: 4

Hello,

We've built an app for our company, and one requirement we have is to ensure that all encrypted files are decryptable by one "master key".

For sending this is simple: our app can add the "master key" to the keys used for encryption.

But this does not help us with senders of files we receive sending using only the individual's key.

However we have noticed more and more people using PGP ADKs
https://pgp.custhelp.com/app/answers/detail/a_id/1064/~/how-to%3A-add-an-adk---pgp-desktop-9.x-for-windows

so within their key they can put a "master key" as an ADK which when someone encrypts a file to them it's encrypted using their key and the embedded ADK.

How would we generate a key with an embedded ADK?

I assume the process will look like this:-
Load our private keypair for the master key into a PublicKey object
Generate a new keypair for the individual
somehow embed the public key from master key in the new keypair
save the new keypair with ADK in.

Could you advise how this is done?

I'm using C# if you have an example.

Many thanks,

- Anthony Graham
#14770
Posted: 10/25/2010 01:18:56
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

The PGP ADK is not supported by our components. But you can encrypt your files using an additional passphrase or keypair that will be used as an additional decryption key.
#14775
Posted: 10/25/2010 04:16:10
by Anthony Graham (Standard support level)
Joined: 10/20/2010
Posts: 4

Hi, I understand that we can encrypt using another key, but we need every employee's key to have an ADK embedded, so that when someone from another company encrypts a file to our employee, we can be sure that even if they are not present / have left the company we can open the file (PGP should only be used for business purposes) using the company key that was embedded as an ADK.

Is there some other approach we can take to ensure our public keys either have another key embedded that will be used, or that they have some sort of marker to say "please use this key too"?

Regards,

Anthony
#14776
Posted: 10/25/2010 05:07:24
by Vsevolod Ievgiienko (EldoS Corp.)

You can try to solve the problem using subkeys (see ElPGPPublicSubkey for details).
#14778
Posted: 10/25/2010 06:15:19
by Eugene Mayevski (EldoS Corp.)

JFYI: ADKs are patented by PGP, so they will not be implemented. SecureBlackbox implements the OpenPGP standard, and not proprietary and patented PGP extensions.


Sincerely yours
Eugene Mayevski
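
Added example, not part of the original thread and not EldoS or SecureBlackbox code: since the replies rule out ADKs and suggest encrypting to an additional keypair, one way to enforce the "master key" requirement is to read each message's Public-Key Encrypted Session Key packets (RFC 4880) and confirm the master key is among the recipients. The function names and sample bytes are constructed for illustration; the input is assumed to be binary (not ASCII-armored) with version 3 PKESK packets, and the ID to match is that of the master key's encryption subkey.

```python
WILDCARD = "0" * 16  # all-zero key ID: the sender hid this recipient

def pkesk_key_ids(data: bytes) -> list:
    """Key IDs (hex) from the PKESK packets that lead a binary OpenPGP message."""
    ids, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (dearmor first)")
        length = None  # stays None for partial or indeterminate lengths
        if hdr & 0x40:  # new-format header (RFC 4880, section 4.2.2)
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
        else:  # old-format header (section 4.2.1)
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype < 3:
                n = 1 << ltype
                length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        if tag not in (1, 3):  # session-key packets are over; encrypted data follows
            break
        if length is None or pos + length > len(data):
            raise ValueError("malformed session-key packet")
        if tag == 1:  # PKESK v3 body: version, 8-byte key ID, algorithm, MPIs
            if length < 10 or data[pos] != 3:
                raise ValueError("unsupported PKESK version")
            ids.append(data[pos + 1:pos + 9].hex().upper())
        pos += length
    return ids

def master_key_status(data: bytes, master_subkey_id: str) -> str:
    """'present', 'hidden' (cannot tell from key IDs alone) or 'missing'."""
    ids = pkesk_key_ids(data)
    if master_subkey_id.upper() in ids:
        return "present"
    return "hidden" if WILDCARD in ids else "missing"

def sample_pkesk(key_id: str, new_format: bool) -> bytes:
    # Builds a constructed PKESK packet with dummy session-key bytes.
    body = b"\x03" + bytes.fromhex(key_id) + b"\x01\x00\x08\xff"
    return bytes([0xC1 if new_format else 0x84, len(body)]) + body

# Constructed sample: two recipients, then the start of an encrypted data packet (tag 18).
SAMPLE = sample_pkesk("1111111111111111", True) + sample_pkesk("AAAAAAAAAAAAAAAA", False) + b"\xd2\x03\x01\xaa\xbb"
```

A "hidden" result means the sender used an all-zero key ID, so only a trial decryption with the master key can settle whether the file is recoverable.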
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
