[kleopatra] [Bug 403715] Dual or Two Person Control for Certificate encryption and storage

Rob Sumsion bugzilla_noreply at kde.org
Tue Jan 29 23:08:29 GMT 2019


https://bugs.kde.org/show_bug.cgi?id=403715

--- Comment #2 from Rob Sumsion <robsumsion1 at gmail.com> ---
That's awesome, thanks.

The smart-card idea is fantastic - two people have access to the hardware
and two with the passphrase.

Do you have any good doco. on how to set up the smart card with Kleopatra
please?

Thanks in advance

Kind Regards,
Robert Sumsion



On Tue, Jan 29, 2019 at 5:50 PM Andre Heinecke <bugzilla_noreply at kde.org>
wrote:

> https://bugs.kde.org/show_bug.cgi?id=403715
>
> --- Comment #1 from Andre Heinecke <aheinecke at gnupg.org> ---
> For such requirements wouldn't it be best to have a two person setup using a
> hardware token (e.g. an OpenPGP Smartcard) where one person has access to the
> token and the second person knows the PIN?
>
> Anyhow just to clarify:
> - You only want to have the second passphrase applied on the export. But don't
> want to need to enter two passphrases every time you use a key?
> --> In this case I would suggest to symmetrically encrypt the export with a
> second passphrase. So you would need both when the key should be imported
> somewhere.
>
> We cannot really implement technical "export" restrictions (without a hardware
> token where export is impossible by design) because to use the key we need to
> be able to unlock it and you can always just copy the encrypted key material
> from the local storage.
>
> --
> You are receiving this mail because:
> You reported the bug.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
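
The symmetric-wrap suggestion from Comment #1, written out as an added example that is not part of the thread or of Kleopatra. The function names and the passphrase-file arguments are hypothetical, and GnuPG 2.1 or later is assumed; each passphrase file is meant to be held by a different person.

```shell
# Added example (not from the bug thread). Function names and the
# passphrase-file arguments are hypothetical. Requires GnuPG 2.1 or later.

# export_wrapped KEY KEY_PASS_FILE WRAP_PASS_FILE OUTFILE
export_wrapped() (
    umask 077   # the backup file is readable by its owner only
    # A pipeline reports only its last command's status, so first confirm
    # that the key exists and that the key passphrase unlocks it.
    gpg --batch --list-secret-keys "$1" >/dev/null 2>&1 || exit 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --export-secret-keys "$1" 3<"$2" >/dev/null || exit 1
    # The exported key stays protected by its own passphrase; the outer
    # symmetric layer adds the second one. The singly protected export
    # only travels through the pipe and is never written to disk.
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --export-secret-keys "$1" 3<"$2" |
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --symmetric --cipher-algo AES256 --output "$4" 3<"$3"
)

# import_wrapped INFILE WRAP_PASS_FILE
# Removing the outer layer needs the wrap passphrase; using the imported
# key afterwards still needs the key's own passphrase.
import_wrapped() (
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --decrypt "$1" 3<"$2" |
    gpg --batch --quiet --import
)
```

As the comment above notes, this only protects the exported copy: the key material in the original keyring is still guarded by the key passphrase alone.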

