can you see any problem with this?

David Shaw dshaw at
Tue Feb 5 19:50:56 CET 2008

On Tue, Feb 05, 2008 at 01:28:08PM -0500, Adrian Thurston wrote:
> My application is here:
> I'm encrypting messages and making them publicly available over static
> HTTP. Anyone who knows the right URL can grab a message and I don't want
> recipients to be identifiable.
> Another issue is that the number of recipients and the size of messages
> may both get very large. A single encrypted message is therefore very
> attractive.

In that case, doing something like this may work for you:

gpg -o output.gpg -R recipient1 -R recipient2 -e thefile.txt
gpgsplit output.gpg

for i in *.pk_enc
  cat $i *.encrypted > `echo $i | sed -e 's/\-001\.pk_enc//'`

You'll end up with a directory full of files, one per recipient, and
each a valid OpenPGP message, but all of them protected via
throw-keyid.  I'll leave it as an exercise for the reader to determine
which file goes with which recipient ;)

  If Alice and Baker both get a message, and Alice knows which file
  Baker got, Alice can decrypt Baker's message using her own session
  key, thus revealing to Alice that Baker got the same message that
  Alice did.

  The "non-identifiable" feature with -R (aka throw-keyid) is only as
  good as throw-keyid is, which is pretty good but not perfect.

You may or may not care about these caveats.


More information about the Gnupg-users mailing list