manipulating the set of keys that can decrypt a file/message

David Shaw dshaw at jabberwocky.com
Fri Mar 5 00:13:17 CET 2010


On Mar 4, 2010, at 4:34 PM, Nicolas Boullis wrote:

> Hi,
> 
> Some time ago, I decided to revoke my old ElGamal encryption key and 
> replace it with a new RSA one, that I keep stored on a smartcard. (The 
> goal is to be able to decrypt some messages/files with my laptop, but not 
> have my keys compromised if it gets lost/stolen.)
> 
> The trouble is that I have a bunch of old messages/files, encrypted for 
> my old ElGamal key: I can't decrypt them on my laptop using my smartcard.
> 
> So now, on a machine that has my old ElGamal secret key, I'd like to 
> modify those messages/files to make it possible to decrypt them using my 
> new RSA key.
> 
> I don't like the naive solution "gpg --decrypt | gpg --encrypt" because:
> - I would lose the signatures of messages/files that are both encrypted 
>   and signed,
> - it requires decrypting/encrypting the whole data while it should be 
>   sufficient to decrypt/encrypt the session key.
> 
> Reading RFC 4880 (OpenPGP standard), if I am able to decrypt the session 
> key, it should be possible to create a new Public-Key Encrypted Session 
> Key packet to allow a new key to decrypt the file/message. Removing a 
> Public-Key Encrypted Session Key should also be trivial.

Yes.

> Does gnupg allow such manipulations?

No.

> Or does anyone have suggestions how I should implement this? Libraries 
> to use?

You might be able to hack something together using the GnuPG sources.  Certainly all of the parts you need are in there - you'd just have to put them together.  Alternately, take a look at http://openpgp.nominet.org.uk/cgi-bin/trac.cgi for a library that you might also borrow some code from.

David
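The packet-level surgery Nicolas describes and David confirms is possible, as an added example (this is not code from the thread, from GnuPG or from the Nominet library): it splits the OpenPGP packet stream per RFC 4880 section 4.2, removes the Public-Key Encrypted Session Key packet for the old key ID, and prepends a new RSA PKESK (section 5.1) carrying the same session key, so the encrypted data packet, and any signature inside it, is copied through byte for byte. Decrypting the old PKESK is passed in as a function, because that step needs the old ElGamal secret key; the RSA side is done with Python integers and the PKCS#1 v1.5 padding RFC 4880 section 13.1.1 specifies. The key IDs, session key and stand-in ciphertext used to exercise it are constructed, and the function and constant names are this example's own.

```python
"""Re-wrap an OpenPGP session key for a new RSA key, packet by packet (RFC 4880). Added example, not GnuPG code."""
import os
import struct

PKESK, SEIPD = 1, 18        # packet tags: PK-encrypted session key; sym. encrypted + integrity protected
PK_RSA, SYM_AES256 = 1, 9   # public-key and symmetric algorithm ids used below

def split_packets(buf):
    """Split a binary OpenPGP message into (tag, raw, body) triples (4.2); raw is what we copy through."""
    out, i = [], 0
    while i < len(buf):
        start, b, body = i, buf[i], bytearray()
        if not b & 0x80:
            raise ValueError("no packet header at offset %d" % i)
        i += 1
        if b & 0x40:                          # new-format header, maybe with partial body lengths
            tag, partial = b & 0x3F, True
            while partial:
                l0, i = buf[i], i + 1
                if l0 < 192:
                    n, partial = l0, False
                elif l0 < 224:
                    n, partial, i = ((l0 - 192) << 8) + buf[i] + 192, False, i + 1
                elif l0 == 255:
                    n, partial, i = struct.unpack(">I", buf[i:i + 4])[0], False, i + 4
                else:                         # 224..254: one partial chunk, more follow
                    n = 1 << (l0 & 0x1F)
                body += buf[i:i + n]
                i += n
        else:                                 # old-format header (gpg uses it for tags below 16)
            tag, size = (b >> 2) & 0x0F, (1, 2, 4, 0)[b & 0x03]   # 0: indeterminate, runs to end
            n = int.from_bytes(buf[i:i + size], "big") if size else len(buf) - i
            body += buf[i + size:i + size + n]
            i += size + n
        if i > len(buf):
            raise ValueError("truncated packet at offset %d" % start)
        out.append((tag, bytes(buf[start:i]), bytes(body)))
    return out

def encode_packet(tag, body):
    """New-format packet (4.2.2): tag octet, one-, two- or five-octet length, body."""
    n = len(body)
    length = (bytes([n]) if n < 192 else
              bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF]) if n < 8384 else
              b"\xff" + struct.pack(">I", n))
    return bytes([0xC0 | tag]) + length + body

def mpi_encode(x):   # multiprecision integer (3.2): 2-octet bit count, then big-endian magnitude
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def parse_pkesk(body):
    """PKESK body (5.1): version 3, 8-octet key ID, PK algorithm, then 1 (RSA) or 2 (ElGamal) MPIs."""
    if body[0] != 3:
        raise ValueError("unsupported PKESK version %d" % body[0])
    key_id, algo, off, mpis = body[1:9], body[9], 10, []
    while off < len(body):
        end = off + 2 + (struct.unpack(">H", body[off:off + 2])[0] + 7) // 8
        mpis.append(int.from_bytes(body[off + 2:end], "big"))
        off = end
    return key_id, algo, mpis

def build_pkesk(key_id, algo, mpis):
    return encode_packet(PKESK, b"\x03" + key_id + bytes([algo]) + b"".join(map(mpi_encode, mpis)))

def session_key_payload(sym_algo, key):
    """What is public-key encrypted (5.1): algorithm octet, session key, 16-bit sum of the key octets."""
    return bytes([sym_algo]) + key + struct.pack(">H", sum(key) & 0xFFFF)

def rsa_encrypt_session_key(payload, n, e):
    """EME-PKCS1-v1_5 (13.1.1): 00 02 || PS (>= 8 nonzero random octets) || 00 || M, then m^e mod n."""
    k = (n.bit_length() + 7) // 8
    if len(payload) > k - 11:
        raise ValueError("payload too long for this modulus")
    ps = bytes(b or 1 for b in os.urandom(k - len(payload) - 3))   # PS must not contain 0x00
    return pow(int.from_bytes(b"\x00\x02" + ps + b"\x00" + payload, "big"), e, n)

def rsa_decrypt_session_key(c, n, d):
    em = pow(c, d, n).to_bytes((n.bit_length() + 7) // 8, "big")   # not constant-time: offline use only
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:        # a PS shorter than 8 octets is invalid
        raise ValueError("bad PKCS#1 v1.5 padding")
    return em[sep + 1:]

def rewrap_session_key(msg, old_key_id, decrypt_old, new_key_id, new_n, new_e):
    """Drop the PKESK for old_key_id, prepend an RSA PKESK for new_key_id; decrypt_old(mpis) -> payload."""
    kept, payload = [], None
    for tag, raw, body in split_packets(msg):
        if tag == PKESK:
            key_id, _algo, mpis = parse_pkesk(body)
            if key_id == old_key_id:
                payload = decrypt_old(mpis)
                continue                          # this is the packet we remove
        kept.append(raw)                          # everything else, data and signatures, untouched
    if payload is None:
        raise ValueError("no PKESK for key ID %s" % old_key_id.hex())
    if sum(payload[1:-2]) & 0xFFFF != struct.unpack(">H", payload[-2:])[0]:
        raise ValueError("session key checksum mismatch")   # never re-wrap a garbled key
    new_pkesk = build_pkesk(new_key_id, PK_RSA, [rsa_encrypt_session_key(payload, new_n, new_e)])
    return new_pkesk + b"".join(kept)
```

For ElGamal the decrypt_old() callback receives the two MPIs of the old packet and must return the algorithm-octet, key, checksum payload; in practice that step can also be done once with gpg's --show-session-key on the machine holding the old key, whose algorithm-number-and-hex output session_key_payload() turns back into the payload. The new PKESK is written with a new-format header, which GnuPG reads as happily as the old-format headers it emits itself; a v4 key ID is the low 64 bits of the key's fingerprint. Any other recipients' PKESK packets in the message are kept, so the file stays readable for them.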