
PGP UN Server 3 - Multiple 'Consumers', 1 shared key

Created: 28 Jul 2011 • Updated: 28 Jul 2011 | 1 comment


I have just been tasked with implementing PGP UN Server 3.x for our organisation.

I've configured pretty much everything as it should be and that's all fine but now our requirement is to have 1 key shared between a department.

For example:

'Manufacturing' consists of 12 users who deal with 20 external parties using PGP keys.

Currently we are using the standalone PGP Desktop v9, thus each external party requires the key of all 20 'Manufacturing' users.
We would like to create a generic Manufacturing key to be shared between all 20 internal users whilst allowing them to still E-Mail out from their own addresses. Such as: -> Encrypted with generic 'Manufacturing' key -> -> Encrypted with generic 'Manufacturing' key ->

Alongside this we would also like the external party keys to be centrally manageable by the internal user.

For instance, if we bring on a 21st external party, sends his key to David Davidson, who imports this key and signs it. Matthew Matthews should then be able to pick up that key from the UN Server.

Is this at all possible? If it made any sense.

Thanks for reading!


Comments (1)

CB4:

If your external partners have the ability to search for keys via their UN servers, then there is no reason for your internal users to exchange keys; it should be done via the server. Worst case, they'll have to create a policy on the server to encrypt to an email address specific to your domain name.

If that is not an option, you'll have to create an account either in LDAP or AD as this generic user and distribute the keypair (both public and private) to whoever will need to decrypt data from your external users. Someone will have to manage this key and its distribution. You'll also have to think of accountability, given no one person will be "responsible" for what gets encrypted and/or decrypted.

As far as having the external users' keys managed, you should look into implementing PGP Verified Directory. This will allow users to upload their individual keys to a central location (your server), where you could set the level of management you're looking for.
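As an added illustration (not code from this thread or from PGP Universal Server), the following GnuPG script models the generic departmental key discussed above, assuming `gpg` (GnuPG 2.1+) is on PATH and using constructed names and addresses. It shows that anyone holding the shared private key can decrypt inbound mail, while an outbound message signed with the sender's own key still names that individual, which is the part of accountability that survives sharing one decryption key.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: model the "generic departmental key"
# with GnuPG to show what stays attributable when one private key is shared.
# Assumes gpg (GnuPG 2.1+) is on PATH; all names and addresses are constructed.
set -euo pipefail

export GNUPGHOME
GNUPGHOME="$(mktemp -d)"
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

# Passphrase-less keys for the demo only; a real shared key would be protected.
mkkey() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$1" default default never >/dev/null 2>&1
}

mkkey "Manufacturing <manufacturing@example.com>"   # shared departmental key
mkkey "David Davidson <david@example.com>"           # individual sender
mkkey "Matthew Matthews <matthew@example.com>"       # another department member

# What an admin would hand to each department member: both halves of the
# shared key pair, i.e. the distribution and custody problem the comment raises.
export_shared_keypair() {
  gpg --batch --quiet --armor --export-secret-keys manufacturing@example.com
}

# Outbound: the sender signs with their OWN key but encrypts to the shared key,
# so an external party only ever needs the department's public key.
encrypt_outbound() {   # $1 = sender address; constructed plaintext on stdin
  printf 'purchase order 42\n' | gpg --batch --quiet --trust-model always \
      --local-user "$1" --recipient manufacturing@example.com \
      --sign --encrypt --armor
}

# Inbound: any holder of the shared private key can decrypt, and the signature
# still names the individual sender (decryption itself is not attributable).
signer_of() {          # reads ciphertext on stdin, prints the signer's user id
  gpg --batch --quiet --status-fd 1 --output /dev/null --decrypt 2>/dev/null \
    | sed -n 's/^\[GNUPG:\] GOODSIG [0-9A-Fa-f]* //p'
}

# Whole round trip: David sends, the shared key decrypts, David is identified.
demo() {
  encrypt_outbound david@example.com | signer_of
}

echo "shared key decrypts; message signed by: $(demo)"
```

Decrypting with the shared key proves nothing about which of the 12 members read a message, so if per-reader accountability matters it has to come from elsewhere (mail-server or PGP Universal Server logs), not from the key itself.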