Gnupg good for big groups?

Simon Richter Simon.Richter at hogyros.de
Wed Aug 4 13:55:31 CEST 2010 

Hi,

On Wed, Aug 04, 2010 at 02:51:50AM +0200, Snaky Love wrote:

> I would like to encrypt communication in groups - not instant communication
> like e.g. messengers like pidgin, but like on a forum or web-group - the
> data persists in an archive,  where the communication can be read. Members
> are coming and leaving a group constantly - that means if somebody leaves
> the group, she should not be able to read the content decrypted anymore, and
> if anybody attaches the group all the old content optionally must be
> encrypted with her key so she can read all data belonging to this group.
> well, maybe you get the idea. It´s basically like a forum or mailing list
> with an archive.

Obviously you cannot revoke access to something people have already
decrypted, because they can always keep a copy.

In principle, the rest would be possible, as the data is encrypted using
a session key, which is then attached encrypted for each individual
recipient, so all that is needed is a way to decrypt one copy of the
session key and reencrypt it for the additional recipients. As said,
removing a copy of the session key is nonsensical, but if the contents
of the file change, it needs to be reencrypted anyway.

As far as I know, there are no readymade commandline tools for your use
case. Some of these would be generally useful for other uses as well:

 - take an encrypted file and add new recipients: you'd need to be one
   of the original recipients, that is, able to decrypt any of the
   packets containing the session key.
 - remove recipients from an encrypted file: can be done by selectively
   throwing away packets; I think this would also be useful in some
   email setups.

> So is there any trick to encrypt data at creation time for unknown future
> users?

Not really -- you need to have access to the clear text data somehow to
extend the list of people who have access. This access can be realized
by having a special "recipient" for the web frontend, and by
manipulating the gnupg packet stream, the actual data need not be
decrypted, but all you gain is speed, not security, as you still need
the same information as if you were to decrypt the data. And, obviously,
that is a good thing.

> And how can I remove users from the group of allowed users without
> re-encrypting the content?

You can remove the packet containing the session key, but if they
already have the session key, they will continue to have access. Given
that they also have had access to the clear text, this is not really an
issue.

> Is this scenario - group communication - not a use-case for gnupg at all?

There are mailing list managers that support encrypted mailing lists --
i.e. you encrypt the message to the list bot, and the bot reencrypts to
the then-current set of recipients. That doesn't solve your archive
problem though, and the revocation issue is unsolvable with any crypto
framework.

   Simon

More information about the Gnupg-users mailing list