File Share Encryption

  • 1.  Generating secondary PGP key pair.

    Posted Sep 29, 2015 10:16 AM

    Hi there,

     

    Hoping that I can get some sound advice regarding adding a secondary PGP key pair, within PGP desktop.

     

    Context: Currently have a PGP environment, where PGP is deployed solely for Whole Disk Encryption (WDE) for mobile users. We don't use PGP for PKI or email encryption. Mobile users have their keys generated when they are created on the system, but no passphrase is (AFAIK) created or used and certainly not passed onto the end user.

    I've been asked to investigate (requested by an external client) the possibility of using PGP to send encrypted emails. As I don't have a passphrase, or can reset\create a passphrase for the end user, I was thinking that I might create a secondary keypair, whereby I can create a passphrase for the new keypair and thus sign the external client's public key and thus send PGP encrypted email.

    My question would be: does generating the second keypair potentially cause an issue with the original keypair when it comes to encrypting\decrypting the laptop HDD? My initial thinking is that it won't since keypairs are matched from large primes, both keypairs are unique thus it won't cause any conflict or brick the laptop drive, but not 100% sure.

     

    If anyone can clarify the above, provide guidance or push me in the right direction of authoritative documentation I would be most grateful.

     

    Best.

     

    Rob.

     



  • 2.  RE: Generating secondary PGP key pair.

    Posted Sep 30, 2015 12:14 PM

    There should be no problem creating a second PGP Key.  I currently have three keypairs on my system.  In fact, I have two keypairs with identical Username and Email address assigned to them, as I use a different key for file encryption and email encryption in my test environment.  It should work fine.

    Also, to clarify, if you encrypted your primary hard drive, it did not encrypt to the key in your keyring.  The drive encryption key for the primary drive would reside in another location where it can be accessible at boot time.  You can encrypt secondary or external drives to your key.