Encrypting files for many users..

Chris De Young chd at chud.net
Thu Jun 12 18:39:05 CEST 2008


Sartoros Dionysios wrote:
> Hey,
> 
> Question for you guys, new gnupg user here, great software..
> 
> I was thinking of maybe encrypting files in PGP that many people will
> require access to. Since I don't know PGP inside and out, I was wondering
> what would be the best method, as sometimes I will have to remove access
> for some users and add new users.
> 
> I don't know subkeys or how PGP works with files too well.. Can I
> add/remove users' keys to encrypted files.. If I have 100 or even 1000
> files, would I have to do it one by one (to add a new user or remove
> access to one)..

Hrm... PGP/GPG may not be the best tool here.

I think you will either have a key distribution problem, or a lot of work to do 
encrypting and re-encrypting your 1000 files every time someone leaves or arrives.

You could encrypt all the 1000 files to a single key, and distribute that key to 
all your clients.  When a new client arrives, you just have to give her the key. 
  When a client leaves and you want to revoke access, you have to re-encrypt all 
your files to a new key and then distribute that key to all your clients.

Or, you could collect the public keys for all your clients, and encrypt all your 
files to all those keys.  If a client leaves, you have to re-encrypt everything 
to omit the key of the person who left.  If a new client arrives, you *also* 
have to re-encrypt everything to add their public key to the list.  But, you 
don't have the (potential) problem with distributing keys that you would in the 
first case.

There are surely other approaches as well, this is just what comes to my mind. 
It's not elegant.

Cheers,
-C
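
The second approach in the reply above (encrypt every file to all current public keys, and redo it when the list changes) can be scripted. This is an added example, not part of the original message: the `*.gpg` suffix, the recipients-file format and the function name `reencrypt_dir` are assumptions, and it presumes the operator's own key can decrypt the existing files.

```shell
#!/bin/sh
# Added example (not from the original post): re-encrypt every *.gpg file in a
# directory to the recipients currently listed in a file, one key ID or e-mail
# address per line. Blank lines and lines starting with '#' are ignored.
GPG=${GPG:-gpg}   # overridable, e.g. to select a specific gpg binary

reencrypt_dir() {
    rd_dir=$1 rd_list=$2 rd_count=0
    set --                                   # rebuild "$@" as gpg recipient options
    while read -r rd_line || [ -n "$rd_line" ]; do
        case $rd_line in ''|'#'*) continue ;; esac
        set -- "$@" --recipient "$rd_line"
    done < "$rd_list"
    [ "$#" -gt 0 ] || { echo "no recipients in $rd_list" >&2; return 1; }

    for rd_f in "$rd_dir"/*.gpg; do
        [ -e "$rd_f" ] || continue
        rd_tmp=$rd_f.new
        rm -f "$rd_tmp.failed"
        # Pipe decrypt straight into encrypt so plaintext is never written to disk.
        # POSIX sh has no pipefail, so a marker file records a failed decrypt.
        if ! { "$GPG" --batch --quiet --decrypt "$rd_f" || : > "$rd_tmp.failed"; } |
               "$GPG" --batch --yes --output "$rd_tmp" "$@" --encrypt ||
           [ -e "$rd_tmp.failed" ]; then
            rm -f "$rd_tmp" "$rd_tmp.failed"
            echo "failed on $rd_f; original left untouched" >&2
            return 1
        fi
        mv -- "$rd_tmp" "$rd_f"              # replace the original only after success
        rd_count=$((rd_count + 1))
    done
    echo "$rd_count"                         # number of files re-encrypted
}

# Run only when called with arguments: reencrypt.sh <dir> <recipients-file>
if [ "$#" -eq 2 ]; then reencrypt_dir "$1" "$2"; fi
```

Re-encrypting only changes who can read the stored files from now on; someone removed from the list keeps anything they already decrypted or copied.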
