Hopefully someone may be able to help with some clarification around the usage of PGP within an automated system and the storage and protection of passphrases.
My questions are around the interpretation of Split Knowledge and dual control of cryptographic keys.
We are looking to implement a key change system (3.6.4) involving 3 use cases:
1) A user initiator requests a key change
2) 2 or more users supply portions of the passphrase.
3) A user to confirm the necessary number of users from use case 2 have submitted passphrases and will finalize the key.

The above means that no one person has full knowledge of the passphrase to be used (3.6.6).

The challenge we are facing is the automation of the solution. We are providing a 24/7 solution, dealing with several hundred files a week. We want to store both the passphrase and private key so that we can automate the system.

Is it safe to assume that to decrypt files, both the private key and the passphrase associated with that private key should both be treated equally in that the passphrase requires as much protection as the private key?

My concern is that storing the passphrase seems to make our key change system somewhat redundant because we would be storing the passphrase in a single place.

Unfortunately we do not have the ability to store the passphrase in the applications memory, i.e. the users from use case 2 enter their portion of the passphrase at application startup. If the system goes down the people involved to produce the passphrase may not necessarily be available.
Any thoughts or recommendations on this would be greatly appreciated

PGP is an entirely different solution from what the key management procedures were written. Not that they cannot be used with PGP, but they are somewhat pointless for some of the requirements.

The key management procedures were written for hardware security modules (HSM) in systems where you need two key halves to generate a single key. And the key change requirements were generated for those solutions using RSA keys. All of these are procedures that have been used for years in automated teller (ATM) solutions.

PGP is based on an individual, not necessarily an entire class of activity. As a result, it's great for protecting files, not so good for protecting individual data elements - although you can use it that way.

Where we see PGP the most is in the transfer of information from one business partner to another. The keys used are either tied to an individual or a process. If the process is automated, then the process needs access to the PGP key ring as well as the passphrase. The passphrase is typically stored in a key generating/storage appliance and is protected by that appliance. Access to the appliance and the necessary passphrase is granted through the account under which the application executes so that the application itself does not have to store the necessary credentials.

Thank you for the thorough response it has provided a helpful answer (We are on the right track with our PGP keyring/passphrase management).

I would have thought the use of PGP as a means to encrypt files containing CHD would be fairly prevalent in most industries. But given the lack of clarification perhaps this is not the case.

If it's not the case then how do most companies securely transfer CHD?

The secure transfer of files is done through a variety of methods.

The most common is Secure FTP using either SSH and then FTP or SSL/TLS and then FTP.

The next most common is probably WinZip v9+ using 256-bit AES encryption with a predetermined passphrase.

Finally, there's PGP. I think PGP is last because it costs more than WinZip and it requires a certain level of sophistication and understanding that most people do not want to explore.