GPG Question

[Bill McGonigle]

On Feb 14, 2007, at 11:22, Ed Lawson wrote:

> The question is how to use PGP in a way that provides a separation  
> between personal and business use.  In other words, how do you set  
> up PGP so that business mail is signed/encrypted so that business  
> folks can verify/decrypt business mail, but they have no ability to  
> verify/decrypt personal mail?  Is simply establishing two IDs for  
> the public key the way to go?

I've typically made a keypair for each function (business, personal,  
etc.)  How that's chosen is client-implementation dependent, but some  
mailers will allow you to chose a keypair for an account.  I've been  
using S/MIME more over the past few years, but the concepts are  
similar, and there the client just reads the e-mail addr out of the  
keypair and does the selection for you.  There are edge cases like  
when you get a new keypair before the old one expires, then you might  
have some manual pointing to do.

This also has the decided advantage that if you need to surrender  
your keypair for any reason (say, you change jobs), you only give up  
one of your functions.  I'd much rather have mailers know how to  
explicitly add the employer's key to the destination, but I don't  
know of any that support that yet.  I've argued for it at a previous  
job at a large healthcare provider but the resolution was that they'd  
rather not have the employees explicitly aware that the employer  
could read their e-mail.  Fortunately they have a benevolent dictator  
in charge of that system, currently.

-Bill

-----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
bill at bfccomputing.com           Cell: 603.252.2606
http://www.bfccomputing.com/    Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf

For fastest support contact, please follow:
http://bfccomputing.com/support_contact.html