Having one set of keys for a large group?

David Shaw dshaw@jabberwocky.com
Fri Sep 28 19:13:01 2001 

--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Sep 28, 2001 at 12:48:49PM -0400, Tom Chitty wrote:

> First, I'm relatively new to GNUpg, and I have what may be a very obvious

> question.

>=20

> If there is a group of say 12 people, at different locations around

> the country. They will all be generating documents on a new product,

> and want to share the data with the other 11 each time a new

> document (or update to an old one) is created. Instead of having to

> encrypt the document 11 different times, and mail it 11 times, isn't

> there an easy way to use one key pair so that all 12 people have the

> public and private key? That should allow user 'A' to encrypt the

> file once, mail that file to the other 11 people, and the 11

> recipients use the same private key/passphrase combination to

> decrypt it.  Thanks in advance for your reply.


You can do exactly what you just said.  Generate a key, and give
copies of both the public and private keys to everyone.  No problem.

However, there is an incorrect assumption in your idea - if everyone
had a different key, you would not need to encrypt it 11 times and
mail it 11 times.  When you encrypt a document, you can encrypt it to
any number of people at the same time:

    gpg -r person1 -r person2 -r person3 --encrypt thefile

Then mail the result to everyone.  Any person mentioned can then use
their own key to decrypt the file.

So, the bottom line is you can do it either way, but the second way is
perhaps a bit more elegant, as you can communicate privately with a
single person (as they would have their own key) if you need to.

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------=
-+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

--CE+1k2dSO48ffgeK
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBO7SvRIccwqs8s7QVAQEV/QgAu8bH8KE1vmCZH/5zVh1aEvGX1G1urtMl
TPO1wD7VMnkfwkBDnevG+7C3k/dmnCAIfdlMPUgAVYcJ2MYCuQ3Dk5pQfpqOg2i0
femD/YckAUmhbcMzfA//q5K0Z+/JC3k8UIuHonTPdygFFxytpDbmmDGY3NkPI5it
vCtiY8ocmgQ9W25+WDutgQ2k8VgY9sDWk+QvmNOEK64PC+xFiGSMDhl7eta65Eph
2P3PFQihrbXQxSpF8CFGVIeFE/qX74tBhve49efkN+6Iaf5FDEofCMbXd8B01KEi
tsYdOwMGUv26Sxe55Y6C2wQGhIRtCquHZ3HHmH+j2gJWsJdTjoTFsA==
=0tan
-----END PGP SIGNATURE-----

--CE+1k2dSO48ffgeK--