manipulating the set of keys that can decrypt a file/message
Nicolas Boullis
nboullis at debian.org
Fri Mar 5 15:51:37 CET 2010
On Thu, Mar 04, 2010 at 06:13:17PM -0500, David Shaw wrote:
> On Mar 4, 2010, at 4:34 PM, Nicolas Boullis wrote:
>
> > Reading RFC 4880 (OpenPGP standard), if I am able to decrypt the session
> > key, it should be possible to create a new Public-Key Encrypted Session
> > Key packet to allow a new key to decrypt the file/message. Removing a
> > Public-Key Encrypted Session Key should also be trivial.
>
> Yes.
>
> > Does gnupg allow such manipulations?
>
> No.
>
> > Or does anyone have suggestions how I should implement this? Libraries
> > to use?
>
> You might be able to hack something together using the GnuPG sources.
> Certainly all of the parts you need are in there - you'd just have to
> put them together.
OK, thanks for your answer.
I will now have a look at how things are organised in GnuPG code.
Would you suggest that I look at the GnuPG 1 or GnuPG 2 code?
And if I succeed to implement this correctly, do you think the feature
might be merged in GnuPG?
> Alternately, take a look at
> http://openpgp.nominet.org.uk/cgi-bin/trac.cgi for a library that you
> might also borrow some code from.
As I understand it, it does not support ElGamal, which is a show-stopper
for my needs. But that's interestig anyway.
Regards,
--
Nicolas Boullis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 315 bytes
Desc: Digital signature
URL: </pipermail/attachments/20100305/25ecbb4a/attachment.pgp>
More information about the Gnupg-users
mailing list