Encrypted MLs (Was: api for gpg?)
Werner Koch
wk at isil.d.shuttle.de
Mon Apr 27 20:29:10 CEST 1998
Hi Anand,
Anand Kumria <wildfire at progsoc.uts.edu.au> writes:
> When you communicate there are four different modes you can communicate
> in. Single Sender, Single Receiver (SS); Single Sender, Multiple
> Receivers (SM); Multiple Senders, Single Receiver (MS) and Multiple
> Senders, Multiple Receivers (MM).
Examples:
SS = private email
SM = anouncement MLs
MS = bug reports
MM = MLs
> I can see some immediate uses for Single Sender/Mltiple Receiver crypto;
> one would be in the Debian group. new-maintainer at debian.org actually goes
> to a number of people, in order to send a crypted message to them I need
> to know who those people are, what their current correct public keys are
We came up with a simple solution for a multiple receivers system:
1) a file with the keyids (or the complete email address) of all
subscribers is created and each id is prefixed with "-r "
2) gpg is run with "--options file-with-keyids-from-step-1" and
creates a valid message to the n receivers. This file is
stored on disk
3) a tool is used to cut off one receivers public-key encrypted
session-key and the encrypted messaage id from the file created
in step 2 and this is passed to sendmail.
4) continue with step 3 but use the next user-id.
This is quite easy but we have to do a lot of calculations.
> I can see some initial problems: key generation, secret sharing, secret
> recombination/splitting, manipulating group membership, etc. No doubt
I guess that a secret sharing scheme could heavily increase the
performance but key distribution would be quite complex. Perhaps
we should think about a n-party DH scheme which has some security
advantages.
Werner
More information about the Gnupg-devel
mailing list