EldoS | Feel safer!

PGP: Root & Sub-key systems

Posted: 12/22/2010 19:56:18
by Zane LEO (Standard support level)
Joined: 04/16/2006
Posts: 8

I have a need to create a hierarchical key store with the following basic requirement.

One root key pair that is able to decipher/decrypt data created with any key created as a subordinate of the root key.

The root key will have a tree structure of keys under the root.

I know this can be achieved by embedding all public keys up the branches and including the root BUT this is operationally impractical and the control of the process can only be loosely enforced.

Help and all suggestions will be appreciated...

P.S. Best festive season greeting to all from Santa Down-under - Australia
Posted: 12/22/2010 20:32:21
by Ken Ivanov (Team)

Thank you for the greetings. Merry Christmas and Happy New Year to you and to Australia too!

Unfortunately, your goal (as far as I understood it) is hardly achievable with OpenPGPBlackbox. I therefore have two questions:

1) Are you restricted to the OpenPGP standard? It would be easier to build a custom system that will do the job.
2) Could you please elaborate a little on your task, in particular:
- what is the estimated depth of the key tree?
- do you need the root key to only be able to decrypt data created with immediate subordinate keys, or with deeper keys (subordinates of subordinates of ...) as well?
Posted: 12/23/2010 02:15:58
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 442

Hi. Also please note that with OpenPGP you can encrypt a file to multiple keys, i.e. you will be able to decrypt that file with the root key as well as with the subordinate ones. However, if the file is encrypted only to a subordinate key, you will not be able to do that.
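Added example (not code from this thread and not OpenPGPBlackbox's API): a small Go model of the multi-recipient mechanism Mykola describes, built from standard-library RSA-OAEP and AES-GCM instead of OpenPGP's packet format. One random session key encrypts the body and a copy of it is wrapped to every recipient key, so a message encrypted to both the root and the subordinate key opens with either, while one encrypted only to the subordinate key stays closed to the root. The `Envelope`, `Encrypt` and `Decrypt` names are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope models an OpenPGP-style message: one session key for the body, one wrapped copy of it per recipient.
type Envelope struct {
	WrappedKeys       [][]byte // one RSA-OAEP wrapped copy of the session key per recipient
	Nonce, Ciphertext []byte
}

// gcmFor builds AES-256-GCM; key is always a 32-byte session key here, so the constructors cannot fail.
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Encrypt seals plaintext so that every public key in recipients can open it.
func Encrypt(plaintext []byte, recipients []*rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh AES-256 session key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	sessionKey, env := buf[:32], &Envelope{Nonce: buf[32:]}
	env.Ciphertext = gcmFor(sessionKey).Seal(nil, env.Nonce, plaintext, nil)
	for _, pub := range recipients {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys = append(env.WrappedKeys, w)
	}
	return env, nil
}

// Decrypt tries every wrapped copy with priv; it succeeds only if the message was encrypted to priv's public key.
func Decrypt(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range env.WrappedKeys {
		sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil)
		if err == nil { // this copy was wrapped to priv, so the session key is recovered
			return gcmFor(sessionKey).Open(nil, env.Nonce, env.Ciphertext, nil)
		}
	}
	return nil, errors.New("no copy of the session key was wrapped to this private key")
}
```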
