My business partner and I each have our own company email address for which we use PGP. This allows us to communicate safely with our customers. However, in order to communicate securely, the sender already has to know our personal email addresses. We also have a mail@ email address that is forwarded to both our accounts, where most new customers contact us.
I was now wondering if it is possible to somehow create a master key for that email address and give each of us our own subkey which can be used for decryption. I am aware that I could simply create one key for the email address and copy it to both our machines. While this scenario would be fine as long as it is just the two of us, I am thinking ahead to when we possibly have an employee that should also be able to decrypt mails for this email address. If the employee would leave our company again, I would like to be able to simply revoke his subkey and be done with it instead of either trusting the employee to delete the key on his system or creating a new key each time.
I would imagine that many problems arise from this setup, like:
- Would the sender need to encrypt the message for each subkey?
  - If so, the sender would always need to recheck the keyserver before encryption.
  - Also, we would depend on the sender to only encrypt for non-revoked keys, so security would not be on our side.
  - If not, the subkeys would be able to decrypt the main key's data. How could one prohibit this for revoked keys?
All in all, it seems that my scenario is unlikely to be solved easily by GPG, but maybe someone has some clever idea to solve the problem?
Another solution to the problem could be a mail-server-side script that checks incoming mail for the mail@ address and re-encrypts GPG-encrypted mails with a given set of personal keys before the mail is forwarded. What do you think about that?
Thank you for your help.
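
The server-side idea from the last paragraph, sketched as an added example (not part of the original post): it recognises PGP-encrypted mail for the shared address and pipes it through `gpg` to re-encrypt for the current staff keys. The addresses, the `RECIPIENTS` list and all function names are assumptions, and `reencrypt` expects the mail@ secret key to be in the server's keyring.

```python
import email
import subprocess
from email.utils import getaddresses

SHARED = "mail@example.com"                            # assumed shared address
RECIPIENTS = ["alice@example.com", "bob@example.com"]  # assumed personal key owners

def addressed_to_shared(msg, shared=SHARED):
    """True if the shared address appears in To or Cc."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return any(addr.lower() == shared for _, addr in getaddresses(fields))

def pgp_ciphertext(msg):
    """Return the armored OpenPGP message, or None if the mail is not encrypted."""
    # PGP/MIME (RFC 3156): part 1 is the version marker, part 2 the ciphertext.
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        parts = msg.get_payload()
        if isinstance(parts, list) and len(parts) == 2:
            return parts[1].get_payload(decode=True).decode("ascii", "replace")
        return None
    # Inline PGP: armored block directly in a single-part body.
    if not msg.is_multipart():
        body = msg.get_payload(decode=True).decode("utf-8", "replace")
        if "-----BEGIN PGP MESSAGE-----" in body:
            return body
    return None

def encrypt_cmd(recipients):
    """gpg argv that encrypts stdin to every listed key (options before command)."""
    cmd = ["gpg", "--batch", "--armor"]
    for r in recipients:
        cmd += ["--recipient", r]
    return cmd + ["--encrypt"]

def reencrypt(armored, recipients=RECIPIENTS):
    """Decrypt with the mail@ secret key on the server, re-encrypt to staff keys."""
    plain = subprocess.run(["gpg", "--batch", "--decrypt"], input=armored.encode(),
                           capture_output=True, check=True).stdout
    return subprocess.run(encrypt_cmd(recipients), input=plain,
                          capture_output=True, check=True).stdout.decode()

# Constructed sample: a PGP/MIME mail with a dummy (non-decryptable) payload.
SAMPLE = email.message_from_string(
    'To: Mail@Example.com\nContent-Type: multipart/encrypted; boundary="b";\n'
    ' protocol="application/pgp-encrypted"\n\n--b\n'
    'Content-Type: application/pgp-encrypted\n\nVersion: 1\n\n--b\n'
    'Content-Type: application/octet-stream\n\n'
    '-----BEGIN PGP MESSAGE-----\n\nAAAA\n-----END PGP MESSAGE-----\n--b--\n')
```

With this design, offboarding means removing a key from `RECIPIENTS`; the server holds the mail@ secret key and sees plaintext, so it becomes the component to protect.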