[kleopatra] [Bug 403715] Dual or Two Person Control for Certificate encryption and storage

Andre Heinecke bugzilla_noreply at kde.org
Tue Jan 29 06:50:55 GMT 2019


https://bugs.kde.org/show_bug.cgi?id=403715

--- Comment #1 from Andre Heinecke <aheinecke at gnupg.org> ---
For such requirements wouldn't it be best to have a two person setup using a
hardware token (e.g. an OpenPGP Smartcard) where one person has access to the
token and the second person knows the PIN?

Anyhow, just to clarify:
- You only want to have the second passphrase applied on the export, but don't
want to need to enter two passphrases every time you use a key?
--> In this case I would suggest symmetrically encrypting the export with a
second passphrase. So you would need both when the key should be imported
somewhere.

We cannot really implement technical "export" restrictions (without a hardware
token where export is impossible by design) because to use the key we need to
be able to unlock it and you can always just copy the encrypted key material
from the local storage.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
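
The suggestion in the comment above (wrap the exported key in a second, symmetric passphrase), sketched with the gpg command line. This is an added example, not part of the bug report or of Kleopatra. It assumes GnuPG 2.1 or later on PATH; the function name, user ID and both passphrases are constructed demo values.

```shell
# Added example: export a secret key so that importing it elsewhere needs two
# passphrases. Everything runs in throwaway keyrings under a temp directory.
dual_control_demo() (
  set -eu
  umask 077
  work=$(mktemp -d)
  src="$work/src"; dst="$work/dst"; mkdir "$src" "$dst"
  cleanup() {
    for d in "$src" "$dst"; do
      gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
  }
  trap cleanup EXIT
  printf '%s\n' 'person A: key passphrase' > "$work/a.pass"      # constructed
  printf '%s\n' 'person B: export passphrase' > "$work/b.pass"   # constructed
  uid='Dual Control Demo <demo@example.invalid>'                 # constructed
  # Passphrases are read from files, not argv, so they never appear in `ps`.
  g() { h=$1; p=$2; shift 2
        gpg --homedir "$h" --batch --quiet --no-tty --pinentry-mode loopback \
            --passphrase-file "$p" "$@" 2>/dev/null; }

  # 1. The key itself is protected with A's passphrase.
  g "$src" "$work/a.pass" --quick-generate-key "$uid" ed25519 sign never
  # 2. Export it (still A-protected) and wrap the export with B's passphrase.
  g "$src" "$work/a.pass" --export-secret-keys "$uid" |
    g "$src" "$work/b.pass" --symmetric --cipher-algo AES256 -o "$work/export.gpg"

  # 3. On the importing side, A's passphrase alone cannot open the export...
  if g "$dst" "$work/a.pass" --decrypt "$work/export.gpg" >/dev/null; then
    echo "outer layer opened without B"; exit 1
  fi
  # ...B's passphrase removes the outer layer so the key can be imported...
  g "$dst" "$work/b.pass" --decrypt "$work/export.gpg" |
    g "$dst" "$work/a.pass" --import
  # ...and using the imported key still requires A's passphrase.
  if echo test | g "$dst" "$work/b.pass" --sign >/dev/null; then
    echo "key usable without A"; exit 1
  fi
  echo test | g "$dst" "$work/a.pass" --sign >/dev/null
  echo "both passphrases were required"
)
```

Source the block and call `dual_control_demo`. As the comment notes, this only protects the exported file: the key in the original keyring remains guarded by A's passphrase alone.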

