
We have this topology in our company:

[topology diagram]

A new rule says that each document sent by Outlook should be encrypted.

We decided to use PGP.

We already have a certificate (self-signed).

The problem is this:

John and Paul install the certificate.

John encrypts using the public key and sends the PGP file to Paul.

Paul needs the private key in order to open it (and verify it).

But wait!

The private key is private! And Paul should not have access to it.

So how will Paul decrypt John's data?

What am I missing?

(P.S. I know I can install PGP as an add-on in Outlook, but I'm trying to understand the concept of Paul not being able to have the private key.)

Royi Namir

2 Answers

The classical approach is that every user should have his own key pair (private/public). The public keys should be available to all users (using an LDAP server, for example); hence, when John sends an email to Paul, he encrypts the mail with Paul's public key in order to ensure that only Paul will be able to read this mail. Note that this does not ensure authentication (you need to sign the email for that), only confidentiality.

Alex T.

Here are a few pointers to think about while you are implementing this.

Every user must have a private and public GPG key. They generate the key themselves and give the public key to the sysadmins to make available to everyone. John can then encrypt his email to Paul using Paul's public key, and then only Paul can decrypt it with his private key.

But careful! If John wants to be able to later read the email he sends, he would also have to encrypt the email with his own key. This is a configuration option in most mail clients; not sure about Outlook.

But careful again! If Paul is fired under odd circumstances and all of a sudden his email has to be audited, you are out of luck as only Paul himself can decrypt it. That is why it is good to have a master GPG key, and state in a policy that "all encrypted documents have to be encrypted with the master public key". The master private key password should be kept very safe to be used in an emergency.

Also, if you intend to encrypt emails sent to a group email address, it would make sense to generate and share a private key among the group members. This can make it easy for the sysadmins to share passwords within their team, for example.

chutz
  • And instead of the master key you can just require everyone to surrender a copy of their private key encrypted with a random password that is kept somewhere safe. I personally do not like this idea too much as these keys are also used for signing. This means that while a master key makes it possible to potentially decrypt the data, surrendering a private key makes it potentially possible to impersonate that person. It's a trade-off. – chutz Oct 30 '12 at 14:46
  • Looking at a certificate, how can I know if it contains a private key? I can see a public key entry. But what about the public key? How can I check it? – Royi Namir Oct 30 '12 at 21:12
  • You can check with `gpg --list-secret-keys`. Or if you pipe the key into `gpg`, it would show a `sec` entry for a "secret" key. – chutz Oct 31 '12 at 02:14
  • Did you mean PGP? I don't have gpg in cmd. Is there any Windows way of doing it (without using PGP)? – Royi Namir Oct 31 '12 at 05:46
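The two answers above describe the same model: every user has his own key pair, a message is encrypted to the recipient's public key (and, per chutz, optionally also to the sender's own key and to a company master key), and authentication comes from a signature, not from the encryption. The following is an added example, not code from either answer and not an implementation of the OpenPGP packet format; it reproduces the structure of a PGP message with Go standard-library primitives (RSA-OAEP to wrap a session key once per recipient, AES-GCM for the body, RSA-PSS for the signature). The user names John, Paul and "master" come from the thread; the helper names, the 2048-bit key size and the sample plaintext are assumptions made here. It also demonstrates the point in chutz's comment: a master key that is merely a recipient can decrypt an audited mailbox but cannot forge John's signature, whereas an escrowed copy of John's private key could.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// User is one mailbox owner with a key pair of his own. The private half never
// leaves this struct; only Public() is handed out (via LDAP or similar).
type User struct {
	Name string
	priv *rsa.PrivateKey
}

// NewUser generates the user's own key pair (2048-bit RSA is an assumption here).
func NewUser(name string) *User {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &User{Name: name, priv: k}
}

func (u *User) Public() *rsa.PublicKey { return &u.priv.PublicKey }

// Recipients collects the public keys a message is encrypted to. Putting the
// sender and the master key in here is exactly chutz's "encrypt to self" and
// "encrypt to the master public key" advice.
func Recipients(users ...*User) map[string]*rsa.PublicKey {
	m := make(map[string]*rsa.PublicKey, len(users))
	for _, u := range users {
		m[u.Name] = u.Public()
	}
	return m
}

// Message has the shape of a PGP encrypted message: one random session key,
// wrapped once per recipient, and the body encrypted a single time under it.
type Message struct {
	From        string
	WrappedKeys map[string][]byte // recipient name -> RSA-OAEP(session key)
	Nonce       []byte
	Body        []byte // AES-256-GCM(signature || plaintext)
}

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt signs the plaintext with the sender's private key (sign-then-encrypt,
// as PGP does), then encrypts signature+plaintext so that every recipient can
// recover the session key with his own private key.
func Encrypt(sender *User, plaintext []byte, to map[string]*rsa.PublicKey) (*Message, error) {
	digest := sha256.Sum256(plaintext)
	sig, err := rsa.SignPSS(rand.Reader, sender.priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	gcm, err := aead(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	msg := &Message{From: sender.Name, WrappedKeys: map[string][]byte{}, Nonce: nonce}
	msg.Body = gcm.Seal(nil, nonce, append(sig, plaintext...), nil)
	for name, pub := range to {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		msg.WrappedKeys[name] = w
	}
	return msg, nil
}

// Decrypt recovers the plaintext with the reader's own private key and verifies
// the signature against the public key of the claimed sender. Anyone whose key
// is not among the recipients (or who lacks the matching private key) fails here.
func Decrypt(reader *User, msg *Message, senderPub *rsa.PublicKey) ([]byte, error) {
	wrapped, ok := msg.WrappedKeys[reader.Name]
	if !ok {
		return nil, errors.New("message was not encrypted to " + reader.Name)
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, reader.priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := aead(sessionKey)
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, msg.Nonce, msg.Body, nil)
	if err != nil {
		return nil, err
	}
	sigLen := senderPub.Size() // RSA-PSS signature is exactly one modulus in size
	if len(payload) < sigLen {
		return nil, errors.New("payload too short to carry a signature")
	}
	sig, plaintext := payload[:sigLen], payload[sigLen:]
	digest := sha256.Sum256(plaintext)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature claimed from %q does not verify: %w", msg.From, err)
	}
	return plaintext, nil
}

func main() {
	john, paul, master := NewUser("john"), NewUser("paul"), NewUser("master")
	// Constructed sample document; John encrypts to Paul, to himself, and to the master key.
	msg, err := Encrypt(john, []byte("contract.pdf contents"), Recipients(paul, john, master))
	if err != nil {
		panic(err)
	}
	for _, u := range []*User{paul, john, master} {
		pt, err := Decrypt(u, msg, john.Public())
		fmt.Printf("%-6s reads %q (err=%v)\n", u.Name, pt, err)
	}
}
```

Paul never sees John's private key: he only needs his own. The master key holder can read the audited message, but a message the master key signs will not verify as John's, which is the trade-off chutz's comment describes; escrowing John's private key itself would remove that protection.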