My friend wanted to introduce PGP encryption in his company for exchanging letters with clients. He asked me to write a lightweight application that supports this. I found a useful DLL shell, so writing the application itself doesn't seem to be the important part.
What puzzles me is the security aspect. (I don't want to push him into the mine)
I know that PGP uses a combination of private / public keys. It also uses a passphrase to encrypt the private key.
It is clear.
But what if one of the employees changes the passphrase before leaving the company?
Does this mean that the company will no longer be able to open the archived letters from its correspondence with customers?
(Sounds like the best way to blackmail, revenge, etc.)
It is assumed that all user keys (pub + prv) are stored on the user's (network) home disk and backed up.
The password of the first generated key is stored in an envelope in a safe. Thus the keys can be recovered, but (I think) the keys are useless if you do not know the current password used to encrypt the private key?
(Correct me if I am wrong!)
I wonder how you archive it! What is your experience?