manipulating the set of keys that can decrypt a file/message

Nicolas Boullis nboullis at
Fri Mar 5 15:51:37 CET 2010

On Thu, Mar 04, 2010 at 06:13:17PM -0500, David Shaw wrote:
> On Mar 4, 2010, at 4:34 PM, Nicolas Boullis wrote:
> > Reading RFC 4880 (OpenPGP standard), if I am able to decrypt the session 
> > key, it should be possible to create a new Public-Key Encrypted Session 
> > Key packet to allow a new key to decrypt the file/message. Removing a 
> > Public-Key Encrypted Session Key should also be trivial.
> Yes.
> > Does gnupg allow such manipulations?
> No.
> > Or does anyone have suggestions how I should implement this? Libraries 
> > to use?
> You might be able to hack something together using the GnuPG sources.  
> Certainly all of the parts you need are in there - you'd just have to 
> put them together.

OK, thanks for your answer.
I will now have a look at how things are organised in GnuPG code.
Would you suggest that I look at the GnuPG 1 or GnuPG 2 code?
And if I succeed to implement this correctly, do you think the feature 
might be merged in GnuPG?

> Alternately, take a look at 
> for a library that you 
> might also borrow some code from.

As I understand it, it does not support ElGamal, which is a show-stopper 
for my needs. But that's interestig anyway.


Nicolas Boullis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 315 bytes
Desc: Digital signature
URL: </pipermail/attachments/20100305/25ecbb4a/attachment.pgp>

More information about the Gnupg-users mailing list