This article details the process to rejoin split keys in PGP Desktop 10.
Once a key is split among multiple shareholders, attempting to sign or decrypt with it causes PGP Desktop to attempt to rejoin the key automatically. There are two ways to rejoin the key: locally and remotely.
Rejoining key shares locally requires the shareholders' presence at the rejoining computer. Each shareholder is required to enter the passphrase for their key share.
Note: If you elected to temporarily rejoin the key in order to decrypt or sign, the file is signed or decrypted with the split key and the rejoined key is discarded.
If you elected to permanently rejoin the key, the key is saved as a fully rejoined key (and is no longer split).
Rejoining key shares remotely requires the remote shareholders to authenticate and decrypt their keys before sending them over the network. The PGP Desktop Transport Layer Security (TLS) feature provides a secure link to transmit key shares, allowing multiple individuals in distant locations to securely sign or decrypt with their key share.
To collect key shares over the network, make sure the remote shareholders have PGP Desktop installed and are prepared to send their key share file. Remote shareholders must have:
Caution: If you have not signed the key that is being used to authenticate the remote system, the key is considered invalid. Although you can rejoin the split key with an invalid authenticating key, it is not recommended. You should verify each shareholder's fingerprint and sign each shareholder's public key to ensure that the authenticating key is legitimate.