
BLU Discuss list archive


GPG and multiple recipients


A colleague and I were having a discussion about GPG and its potential
use in a data processing environment (the specific one isn't really
important).  The question came up: when encrypting a file, how does it
handle multiple recipients?  I know that multiple addresses can be
specified (each with their own --recipient tag), and as one output file
is created clearly it's not just a simple encryption of the input file
using only the recipient's public key.

One possibility we discussed was that gpg generates its own key,
encrypts the data with that, and then the recipient's public key is used
to encrypt the data key and that is then tacked on to the metadata.  If
this is the case, it would explain why the output file grows somewhat
with each new recipient.

The other suggestion was that all the supplied public keys are used to
generate an encrypted payload directly using some sort of mathematical
wizardry that I don't understand.  To me this seems difficult, as I
would assume it tough to generate an algorithm for an arbitrary number
of input keys that could still generate an output file openable by any
of the corresponding private keys.  But I haven't been a math geek since
high school, which was a very long time ago.

Of course, there may be a third possibility that neither of us had even

So what am I looking at, here?

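The first possibility raised in the post, a random data key encrypted once per recipient, is the hybrid scheme OpenPGP specifies (RFC 4880: one public-key encrypted session key packet per recipient, followed by a single symmetrically encrypted payload). The model below is an added example, not part of the original post and not GnuPG's code; the textbook RSA on small Mersenne primes, the SHA-256 keystream and the key IDs `alice` and `bob` are constructed stand-ins with no real-world security.

```python
import hashlib
import secrets

def make_key(p, q, e=65537):
    """Textbook RSA key from two primes (toy sizes, no padding: insecure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

# Constructed recipient keys built from known Mersenne primes.
ALICE = make_key(2**89 - 1, 2**107 - 1)
BOB = make_key(2**107 - 1, 2**127 - 1)

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def encrypt(plaintext, recipients):
    """Encrypt once with a random session key, then wrap that key per recipient."""
    session_key = secrets.token_bytes(16)
    k = int.from_bytes(session_key, "big")
    wrapped = {kid: pow(k, pub["e"], pub["n"]) for kid, pub in recipients.items()}
    return {"wrapped_keys": wrapped, "payload": keystream_xor(session_key, plaintext)}

def decrypt(message, key_id, priv):
    """Unwrap the session key from this recipient's entry, then decrypt the payload."""
    k = pow(message["wrapped_keys"][key_id], priv["d"], priv["n"])
    return keystream_xor(k.to_bytes(16, "big"), message["payload"])

def wire_size(message, recipients):
    """Payload bytes plus one modulus-sized wrapped key per recipient."""
    keys = sum((recipients[kid]["n"].bit_length() + 7) // 8 for kid in message["wrapped_keys"])
    return len(message["payload"]) + keys

if __name__ == "__main__":
    data = b"constructed sample input file\n" * 4
    one = {"alice": ALICE}
    two = {"alice": ALICE, "bob": BOB}
    for rcpts in (one, two):
        msg = encrypt(data, rcpts)
        print(len(rcpts), "recipient(s):", wire_size(msg, rcpts), "bytes")
        assert all(decrypt(msg, kid, key) == data for kid, key in rcpts.items())
```
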


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
