然而,您需要的是通过托管系统强制生成密钥对的公司策略。基本的托管系统由具有 PC 的系统管理员组成:系统管理员创建密钥对,将副本存储在公司保险箱中,并将密钥对交给用户(例如在 USB 记忆棒上)。然后,用户使用他认为合适的任何密码短语将其导入到自己的密钥环中。重要的一点是,任何员工都不得使用不是以这种方式生成的密钥。
The encrypted private key is a blob. PGP usually stores it in a "keyring", which is a data structure of its own, but nothing prevents you from having a copy of that blob somewhere else (e.g. on a CDROM stored in a safe). This is generically known as "key escrow": a backup copy of the key, to be used if the key holder becomes unavailable (this includes "he was fired" but also "he was hit by a bus").
A user changing his passphrase would reencrypt his private key (the same private key) with his new passphrase, but the escrowed copy would be unaffected, and since this is the same private key, the situation can be recovered from.
What you need, however, is a company policy which enforces key pair generation through the escrowing system. A basic escrowing system consists of a system administrator with a PC: the sysadmin creates the key pair, stores a copy in the company safe, and hands the key pair to the user (e.g. on a USB stick). The user then imports it in his own keyring, with whatever passphrase he sees fit. The important point is that no employee shall ever use a key which has not been generated in such a way.
For digital signatures, situation is different: no data is lost if the private key becomes unavailable, and previously issued signatures are still valid and can still be verified. Normally, digital signature keys are not escrowed.
发布评论
评论(1)
加密的私钥是一个 blob。 PGP 通常将其存储在“密钥环”中,这是它自己的数据结构,但没有什么可以阻止您在其他地方拥有该 blob 的副本(例如,存储在保险箱中的 CDROM 上)。这通常称为“密钥托管”:密钥的备份副本,在密钥持有者不可用时使用(这包括“他被解雇”,但也包括“他被公共汽车撞了”)。
更改密码的用户将使用新密码重新加密其私钥(相同私钥),但托管副本不会受到影响,并且由于这是相同的私钥,因此情况可以恢复从。
然而,您需要的是通过托管系统强制生成密钥对的公司策略。基本的托管系统由具有 PC 的系统管理员组成:系统管理员创建密钥对,将副本存储在公司保险箱中,并将密钥对交给用户(例如在 USB 记忆棒上)。然后,用户使用他认为合适的任何密码短语将其导入到自己的密钥环中。重要的一点是,任何员工都不得使用不是以这种方式生成的密钥。
对于数字签名,情况有所不同:如果私钥不可用,数据不会丢失,并且先前发布的签名仍然有效并且仍然可以被验证。通常,数字签名密钥不被托管。
The encrypted private key is a blob. PGP usually stores it in a "keyring", which is a data structure of its own, but nothing prevents you from having a copy of that blob somewhere else (e.g. on a CDROM stored in a safe). This is generically known as "key escrow": a backup copy of the key, to be used if the key holder becomes unavailable (this includes "he was fired" but also "he was hit by a bus").
A user changing his passphrase would reencrypt his private key (the same private key) with his new passphrase, but the escrowed copy would be unaffected, and since this is the same private key, the situation can be recovered from.
What you need, however, is a company policy which enforces key pair generation through the escrowing system. A basic escrowing system consists of a system administrator with a PC: the sysadmin creates the key pair, stores a copy in the company safe, and hands the key pair to the user (e.g. on a USB stick). The user then imports it in his own keyring, with whatever passphrase he sees fit. The important point is that no employee shall ever use a key which has not been generated in such a way.
For digital signatures, situation is different: no data is lost if the private key becomes unavailable, and previously issued signatures are still valid and can still be verified. Normally, digital signature keys are not escrowed.