manipulating the set of keys that can decrypt a file/message
dshaw at JABBERWOCKY.COM
Fri Mar 5 17:20:32 CET 2010
On Mar 5, 2010, at 9:51 AM, Nicolas Boullis wrote:
> On Thu, Mar 04, 2010 at 06:13:17PM -0500, David Shaw wrote:
>> On Mar 4, 2010, at 4:34 PM, Nicolas Boullis wrote:
>>> Reading RFC 4880 (OpenPGP standard), if I am able to decrypt the session
>>> key, it should be possible to create a new Public-Key Encrypted Session
>>> Key packet to allow a new key to decrypt the file/message. Removing a
>>> Public-Key Encrypted Session Key should also be trivial.
>>> Does gnupg allow such manipulations?
>>> Or does anyone have suggestions how I should implement this? Libraries
>>> to use?
>> You might be able to hack something together using the GnuPG sources.
>> Certainly all of the parts you need are in there - you'd just have to
>> put them together.
> OK, thanks for your answer.
> I will now have a look at how things are organised in GnuPG code.
> Would you suggest that I look at the GnuPG 1 or GnuPG 2 code?
I'd look at the GnuPG 2 code, or more specifically, the GnuPG 2 code plus libgcrypt (the crypto library that GnuPG 2 uses). This allows you to more easily write something standalone outside of GnuPG.
> And if I succeed to implement this correctly, do you think the feature
> might be merged in GnuPG?
I don't know if this is a generally useful thing (you're not the first person to suggest this, but you are not more than the 3rd in the past 5-8 years or so). Each additional feature adds complexity to the code base. If you are going to write something, I'd recommend a standalone tool using libgcrypt for the crypto part. That way the feature exists, and it doesn't have to be carried along with GPG. That's what I did when I wrote 'paperkey'. It could have been part of GPG (as a new output format), but it didn't really make sense as a built in.
More information about the Gnupg-users