Gnupg good for big groups?

David Smith Dave.Smith at st.com
Mon Aug 9 18:03:02 CEST 2010


Snaky Love wrote:
> Hi David,
> 
> thank you very much for your explanation!
> 
> May I ask a few final questions about this issue: 
> 
> - are there any tools at all that handle the "group crypto + archive"
> use-case satisfactorily? (Yes, PM me your ads :)
> - what is the current state of research regarding groups and cryptography? 
> 
> I am not a crypto-scientist, so my speculation might be laughable - but
> for me it looks like there is a big vacuum to be filled with some new
> crypto algorithms - considering that group-like applications are
> becoming mainstream on the net - where is the crypto tool that will help
> us keep our privacy within these "social" networks? How many people are
> working on this and what are they coming up with?

I'm afraid that my answer to both of your questions is "I don't know".

I suspect that there is a fundamental problem with trying to achieve the
"group" functionality that you want using standard crypto.  The problem
is that information cannot be created or destroyed.  Once someone has
the information required to decrypt the destination file, you cannot
prevent that person from decrypting the file at a future date, unless
you modify the encrypted file in some way (i.e. by re-encrypting it with
a new key).

I guess that there are some possible half-way solutions (for example, a
tool that could modify an existing encrypted file to add a new session
key encryption (thus giving a new user access to the file) or removing
an old session key encryption (thus removing a user's ability to access
the file) without re-doing the encryption of the target data itself); the
user doing this operation (the web server or admin) would need to be on
the recipient list of the file already.  Also, there could be other ways
of doing a similar thing within current tools by splitting the keys out
across different files.  I think it just depends on what level of
security you want - the above proposal still has potential problems -
for example, what if the user took a copy of the session key of every
file before leaving?
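An added example (not code from this post or from GnuPG) that models the add/remove-a-recipient scheme sketched above with Go's standard-library AES-GCM: the data is sealed once under a session key, each recipient holds only a wrapped copy of that key, and deleting a wrapped copy does nothing against a user who kept the key, so only re-encrypting under a fresh session key revokes access. Per-user symmetric AES keys stand in for the recipients' OpenPGP public keys; that substitution is an assumption made to keep the example self-contained.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)
// Archive mirrors the OpenPGP layout from the post: the data is encrypted once
// under a random session key (sk); only sk is wrapped again, per recipient.
type Archive struct {
	Payload    []byte            // nonce || AES-GCM ciphertext of the data
	WrappedKey map[string][]byte // recipient -> sk sealed under that user's key
}
// seal encrypts with AES-GCM (16- or 32-byte key) and prefixes the 12-byte nonce.
func seal(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, plaintext, nil)
}
// unseal reverses seal; nil means absent blob, nil/wrong key, or tampering.
func unseal(key, blob []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil || len(blob) < 12 {
		return nil
	}
	g, _ := cipher.NewGCM(block)
	pt, err := g.Open(nil, blob[:12], blob[12:], nil)
	if err != nil {
		return nil
	}
	return pt
}
// Encrypt builds the archive; every listed recipient can recover the returned sk.
func Encrypt(data []byte, users map[string][]byte) (*Archive, []byte) {
	sk := make([]byte, 32)
	rand.Read(sk)
	a := &Archive{Payload: seal(sk, data), WrappedKey: map[string][]byte{}}
	for name, uk := range users {
		a.WrappedKey[name] = seal(uk, sk)
	}
	return a, sk
}
// Adding or removing a recipient edits only the key table; Payload is untouched, so the
// admin must already hold sk, and a removed user who kept sk can read until re-encryption.
func (a *Archive) AddRecipient(name string, uk, sk []byte) { a.WrappedKey[name] = seal(uk, sk) }
func (a *Archive) RemoveRecipient(name string)              { delete(a.WrappedKey, name) }
// Decrypt is the normal path: unwrap sk with the user's key, then open the data.
func (a *Archive) Decrypt(name string, uk []byte) []byte {
	return unseal(unseal(uk, a.WrappedKey[name]), a.Payload)
}
```

Real revocation is simply `Encrypt` again on the decrypted data for the remaining users, which is the "re-encrypting it with a new key" step from the reply.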



More information about the Gnupg-users mailing list