Questions about "--group" for group encryptions.

David Shaw dshaw at jabberwocky.com
Sat Feb 20 23:37:02 CET 2010


On Feb 19, 2010, at 9:53 PM, Zy Zylek wrote:

> I'm looking for a way to include a group of people in gpg file encryption/decryption (not email-based, just gpg encrypted files) without having to incorporate individual names, yet also such that more people can be added to the group in the future and that they will be able to access previously encrypted files because they joined the group after the old files were encrypted.
> 
> Does the "--group" option in gpg serve this purpose?

No.  The group option creates a group of keys, not a key that covers a given group.  In other words, you can get your first requirement (encrypt to a group of people in one shot), but not your second (if more people are added to the group, they will not be able to access previously encrypted data).

> Or is there another way to go about it?

An easy way would be to make a group key and give each person access to it.  The problem is that if you need to support people leaving the group, the old members can still decrypt...

David
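The following is an added example, not part of the original message: a small Python model of the behaviour described in the reply. The key IDs (`alice`, `bob`, `carol`, `team`), the group name `staff` and the helper functions are constructed for illustration, and a toy symmetric cipher stands in for the public-key wrapping of the session key that OpenPGP performs per recipient.

```python
import hashlib, hmac, os

def _xor(key, data):
    """Toy stream cipher (SHA-256 keystream, inputs under 8 KiB). Model only."""
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(plaintext, recipients, keyring, groups):
    """Expand group names to key IDs *now*, then wrap one session key per key."""
    key_ids = []
    for name in recipients:
        key_ids.extend(groups.get(name, [name]))  # a group is only an alias list
    session = os.urandom(32)
    return {
        "wrapped": {kid: _xor(keyring[kid], session) for kid in key_ids},
        "body": _xor(session, plaintext),
        "mac": hmac.new(session, plaintext, "sha256").digest(),
    }

def decrypt(message, key_id, secret):
    """Return the plaintext, or None if this key cannot open the message."""
    wrapped = message["wrapped"].get(key_id)
    if wrapped is None:
        return None  # the file carries no session-key entry for this key
    session = _xor(secret, wrapped)
    plaintext = _xor(session, message["body"])
    tag = hmac.new(session, plaintext, "sha256").digest()
    return plaintext if hmac.compare_digest(tag, message["mac"]) else None

def demo():
    # Constructed sample keys; each value models one key pair's secret half.
    keyring = {k: os.urandom(32) for k in ("alice", "bob", "carol", "team")}
    groups = {"staff": ["alice", "bob"]}
    old = encrypt(b"q1 report", ["staff"], keyring, groups)
    groups["staff"].append("carol")              # carol joins after 'old' exists
    new = encrypt(b"q2 report", ["staff"], keyring, groups)
    bobs_copy = keyring["team"]                  # bob keeps his copy after leaving
    shared = encrypt(b"q3 report", ["team"], keyring, groups)
    return {
        "alice_old": decrypt(old, "alice", keyring["alice"]),
        "carol_old": decrypt(old, "carol", keyring["carol"]),
        "carol_new": decrypt(new, "carol", keyring["carol"]),
        "carol_shared": decrypt(shared, "team", keyring["team"]),
        "bob_after_leaving": decrypt(shared, "team", bobs_copy),
    }

if __name__ == "__main__":
    for who, result in demo().items():
        print(who, result)
```

In the model, giving a later joiner access to `old` means encrypting it again with the updated group, while the shared `team` key stays usable by everyone who ever held a copy.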



