Hi all,
I'm new in my job and I reviewed several documents about IT software implemented in our environment.
One topic is FileShare Encryption.
We have several file shares encrypted with group keys, to which different users belong.
The encrypted file shares contain 100s of GB of data. However, when a new employee needs access to the data, he gets a PGP user which belongs to the corresponding group, and the share must be taken offline for a while to re-encrypt the data.
From my point of view this is not comfortable for the customer, because it takes hours.
I did not find any other solution than this concept in White Papers and User Manuals.
Is it an option to
- set up one user per fileshare
- provide a private key for this user
- encrypt the fileshare
- publish the private key to keyrings of other users
If so, I would not need to re-encrypt.
The risk I see: a user could export the private key and publish it to anyone. Is this avoidable?
rgds
Oerst