EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Adding an additional decryption key

Posted: 10/22/2010 06:18:37
by Anthony Graham (Standard support level)
Joined: 10/20/2010
Posts: 4


We've built an app for our company, and one requirement we have is to ensure that all encrypted files are decryptable by one "master key".

For sending this is simple: our app can add the "master key" to the keys used for encryption.

But this does not help us with senders of files we receive sending using only the individual's key.

However, we have noticed more and more people using PGP ADKs, so within their key they can put a "master key" as an ADK, so that when someone encrypts a file to them, it's encrypted using their key and the embedded ADK.

How would we generate a key with an embedded ADK?

I assume the process will look like this:
1. Load our private keypair for the master key into a PublicKey object.
2. Generate a new keypair for the individual.
3. Somehow embed the public key from the master key in the new keypair.
4. Save the new keypair with the ADK in.

Could you advise how this is done?

I'm using C# if you have an example.

Many thanks,

- Anthony Graham

Posted: 10/25/2010 01:18:56
by Vsevolod Ievgiienko (Team)


The PGP ADK is not supported by our components. But you can encrypt your files using an additional passphrase or keypair that will be used as an additional decryption key.

Posted: 10/25/2010 04:16:10
by Anthony Graham (Standard support level)
Joined: 10/20/2010
Posts: 4

Hi, I understand that we can encrypt using another key, but we need every employee's key to have an ADK embedded, so that when someone from another company encrypts a file to our employee, we can be sure that even if they are not present / have left the company we can open the file (PGP should only be used for business purposes) using the company key that was embedded as an ADK.

Is there some other approach we can take to ensure our public keys either have another key embedded that will be used, or that they have some sort of marker to say "please use this key too"?


Posted: 10/25/2010 05:07:24
by Vsevolod Ievgiienko (Team)

You can try to solve the problem using subkeys (see ElPGPPublicSubkey for details).

Posted: 10/25/2010 06:15:19
by Eugene Mayevski (Team)

JFYI: ADKs are patented by PGP, so they will not be implemented. SecureBlackbox implements the OpenPGP standard, and not proprietary and patented PGP extensions.

Sincerely yours
Eugene Mayevski
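
Since the thread concludes that ADKs are unavailable, the "every file must be decryptable by the master key" requirement can at least be audited per file. The following is an added example, not part of the original thread and not SecureBlackbox code: it reads the public-key encrypted session key (PKESK) packets at the start of a binary (non-armored) RFC 4880 message and reports whether the master key is among the recipients. The function names and the sample bytes are constructed for illustration.

```python
PKESK, SKESK = 1, 3      # RFC 4880 packet tags for session-key packets
HIDDEN = "0" * 16        # all-zero key ID: sender hid the recipient

def _read_header(data, pos):
    """Return (tag, body_start, body_len) for the packet starting at pos."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                     # partial length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    size = 1 << ltype                                 # 1, 2 or 4 length octets
    return tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")

def recipient_key_ids(data):
    """Hex key IDs from the version 3 PKESK packets that precede the encrypted data."""
    ids, pos = [], 0
    while pos < len(data):
        tag, start, length = _read_header(data, pos)
        if tag not in (PKESK, SKESK):
            break                                     # reached the encrypted data packet
        if length is None or start + length > len(data):
            raise ValueError("truncated or malformed session-key packet")
        if tag == PKESK and length >= 10 and data[start] == 3:
            ids.append(data[start + 1:start + 9].hex().upper())
        pos = start + length
    return ids

def encrypted_to_master(data, master_key_id):
    """True or False; None if a hidden recipient leaves the answer unknown."""
    ids = recipient_key_ids(data)
    if master_key_id.upper() in ids:
        return True
    return None if HIDDEN in ids else False

# Constructed sample: two PKESK packets (old and new header format), then a tag 18 packet.
SAMPLE = (b"\x84\x0d\x03" + bytes.fromhex("1111111111111111") + b"\x01\x00\x08\xaa"
          + b"\xc1\x0d\x03" + bytes.fromhex("AABBCCDDEEFF0011") + b"\x01\x00\x08\xbb"
          + b"\xd2\x02\x01\x00")
```

The key ID in a PKESK packet belongs to the encryption-capable key or subkey, so compare against the master key's encryption subkey ID where it has one. ASCII-armored files must be dearmored before this check.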




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
