Having one set of keys for a large group?
Fri Sep 28 19:13:01 2001
Content-Type: text/plain; charset=us-ascii
On Fri, Sep 28, 2001 at 12:48:49PM -0400, Tom Chitty wrote:
> First, I'm relatively new to GNUpg, and I have what may be a very obvious
> If there is a group of say 12 people, at different locations around
> the country. They will all be generating documents on a new product,
> and want to share the data with the other 11 each time a new
> document (or update to an old one) is created. Instead of having to
> encrypt the document 11 different times, and mail it 11 times, isn't
> there an easy way to use one key pair so that all 12 people have the
> public and private key? That should allow user 'A' to encrypt the
> file once, mail that file to the other 11 people, and the 11
> recipients use the same private key/passphrase combination to
> decrypt it. Thanks in advance for your reply.
You can do exactly what you just said. Generate a key, and give
copies of both the public and private keys to everyone. No problem.
However, there is an incorrect assumption in your idea - if everyone
had a different key, you would not need to encrypt it 11 times and
mail it 11 times. When you encrypt a document, you can encrypt it to
any number of people at the same time:
gpg -r person1 -r person2 -r person3 --encrypt thefile
Then mail the result to everyone. Any person mentioned can then use
their own key to decrypt the file.
So, the bottom line is you can do it either way, but the second way is
perhaps a bit more elegant, as you can communicate privately with a
single person (as they would have their own key) if you need to.
David Shaw | email@example.com | WWW http://www.jabberwocky.com/
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----