IT Department having the secure key.

David Shaw dshaw at
Mon Jul 27 16:49:54 CEST 2009

Somehow this thread mutated into being on both gnupg-devel and gnupg- 
users.  I'm only replying to gnupg-users.  Let's try to keep it on one  

On Jul 27, 2009, at 9:41 AM, Ingo Krabbe wrote:

>> You actually can encrypt files to more than one OpenPGP key, so that
>> anyone holding any of the recipient keys can decrypt the data.  Maybe
>> this approach would be useful for the OP?
> As far as I know you can keep multiple different encrypted copies of  
> a file, but
> one copy of the file will only have one encryption.  Assumed that  
> you don't want
> to waste space.  I just see that you can encrypt for multiple keys,  
> but you will
> increase the space needed for the file copy, don't you?
> I mean if you encrypt a file f.txt to f.txt.gpg with 10 recipients,  
> you will
> have a f.txt.gpg that contains f.txt 10 times encrypted in 10  
> different ways.
> Maybe I'm wrong about this point, but I can't think about an  
> encryption strategy
> with mixed recipients.

OpenPGP supports multiple recipients.  10 recipients do not require  
10x the space of 1 recipient, instead, you end up with a single  
encryption of the data, and then a small encrypted session key per  
recipient.  So encrypting to 10 recipients is a bit larger than  
encrypting to 1 recipient, but it is nowhere near as large as  
encrypting to 10 recipients individually.  Any of the recipients can  
decrypt the data.


More information about the Gnupg-users mailing list