Remove a recipient from a message without viewing it

David Shaw dshaw at jabberwocky.com
Sun Nov 21 17:05:33 CET 2010


On Nov 21, 2010, at 4:31 AM, Nathan Krasnopoler wrote:

> Is there a way to remove a recipient from a message without having any
> of the private keys needed to view the message?
> 
> For example, if message M is encrypted to Sam, John, and Bob as text
> C, I would like to output C_s that is M encrypted only to Sam, C_j
> that is M encrypted only to John, and C_b that is M encrypted only to
> Bob.
> 
> If this is possible, I think it would also preserve any signatures on M.

Yes, this is doable, but I don't know of any code already written to do it.

OpenPGP encrypted messages are constructed of a number of packets, some containing other packets when opened.  So for example, you can have an encrypted packet that contains a data packet, or an encrypted packet that contains a compressed packet that contains a data packet.

In your case, I'd recommend experimenting with the 'gpgsplit' program that comes with GPG.  It will break your message M into its component pieces, and you can re-stitch them together using 'cat' or the like.  Run gpgsplit on your encrypted M, and you will end up with multiple files tagged "pk_enc", and one file tagged "encrypted".  Each pk_enc is an encrypted session key for a particular recipient (Sam, John, or Bob).  If you reassemble a single pk_enc with the encrypted file, you will have a message that is only readable by that recipient.  The same thing can be done to put together an encrypted message that only two of your three recipients can handle - just include the appropriate pk_enc before the encrypted file.

You can see RFC-4880 for the internals of how packets are put together, if you're interested in the file details.

David
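The packet surgery David describes, as an added example (this is not code from the thread, from David Shaw, or from GnuPG): a small RFC 4880 packet parser that does in Python what gpgsplit plus cat does on the shell. It walks the message, pulls the recipient key ID out of each Public-Key Encrypted Session Key packet (tag 1, the "pk_enc" files), and re-emits the message with only the chosen recipients' packets in front of the untouched encrypted data packet (tag 9 or 18, the "encrypted" file). Any signature is inside that encrypted packet, so it survives unchanged. The three key IDs and the sample message at the bottom are constructed for the demo, not real ciphertext; the parser handles old-format headers, new-format headers and partial body lengths, which gpg commonly uses for the encrypted packet.

```python
"""Keep only selected recipients of an OpenPGP message (RFC 4880 packet level).

Added example, not GnuPG code. A message encrypted to several people is
one PKESK packet per recipient followed by one encrypted data packet; the
PKESK packets are independent, so dropping some of them leaves a message
that only the remaining recipients can decrypt.
"""
import struct

PKESK = 1    # Public-Key Encrypted Session Key packet (gpgsplit: pk_enc)
SED = 9      # Symmetrically Encrypted Data packet (gpgsplit: encrypted)
SEIPD = 18   # Sym. Encrypted Integrity Protected Data packet (gpgsplit: encrypted)


def _new_length(data, pos):
    """Decode a new-format body length at data[pos] -> (length, octets used, is_partial)."""
    b = data[pos]
    if b < 192:
        return b, 1, False
    if b < 224:
        return ((b - 192) << 8) + data[pos + 1] + 192, 2, False
    if b == 255:
        return struct.unpack(">I", data[pos + 1:pos + 5])[0], 5, False
    return 1 << (b & 0x1F), 1, True          # partial body length chunk


def parse_packets(msg):
    """Return a list of (tag, body, raw) where raw is the packet's exact original bytes."""
    pos, out = 0, []
    while pos < len(msg):
        start, hdr = pos, msg[pos]
        if not hdr & 0x80:
            raise ValueError("invalid packet header at offset %d" % pos)
        pos += 1
        if hdr & 0x40:                       # new-format header
            tag, body = hdr & 0x3F, bytearray()
            while True:                      # loop over partial-length chunks
                length, n, partial = _new_length(msg, pos)
                pos += n
                body += msg[pos:pos + length]
                pos += length
                if not partial:
                    break
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate length: to end of input
                n, length = 0, len(msg) - pos
            else:
                n = (1, 2, 4)[ltype]
                length = int.from_bytes(msg[pos:pos + n], "big")
            pos += n
            body = msg[pos:pos + length]
            pos += length
        if pos > len(msg):
            raise ValueError("truncated packet (tag %d)" % tag)
        out.append((tag, bytes(body), msg[start:pos]))
    return out


def pkesk_keyid(body):
    """Recipient key ID (hex) from a v3 PKESK body: version, 8-octet key ID, algo, MPIs."""
    if len(body) < 10 or body[0] != 3:
        raise ValueError("unsupported PKESK version")
    return body[1:9].hex().upper()


def recipients(msg):
    """Key IDs of every recipient the message is encrypted to, in packet order."""
    return [pkesk_keyid(body) for tag, body, _ in parse_packets(msg) if tag == PKESK]


def keep_recipients(msg, keyids):
    """Re-emit msg with only the PKESK packets for keyids; all other packets are copied verbatim."""
    keep, out, kept = {k.upper() for k in keyids}, bytearray(), 0
    for tag, body, raw in parse_packets(msg):
        if tag == PKESK:
            if pkesk_keyid(body) in keep:
                out += raw
                kept += 1
        else:
            out += raw                       # encrypted data (and anything else) untouched
    if kept == 0:
        raise ValueError("no PKESK matched; the result would be undecryptable")
    return bytes(out)


# --- constructed sample message (fake key IDs, dummy MPI, dummy ciphertext) ---
def _new_packet(tag, body):
    """Frame body as a new-format packet with a 1- or 2-octet length."""
    if len(body) < 192:
        ln = bytes([len(body)])
    else:
        v = len(body) - 192
        ln = bytes([192 + (v >> 8), v & 0xFF])
    return bytes([0xC0 | tag]) + ln + body


def _fake_pkesk(keyid_hex):
    # version 3, key ID, algo 1 (RSA), one dummy 16-bit MPI standing in for the wrapped session key
    return _new_packet(PKESK, b"\x03" + bytes.fromhex(keyid_hex) + b"\x01" + b"\x00\x10\xAB\xCD")


SAM, JOHN, BOB = "1111111111111111", "2222222222222222", "3333333333333333"
SAMPLE = (_fake_pkesk(SAM) + _fake_pkesk(JOHN) + _fake_pkesk(BOB)
          + _new_packet(SEIPD, b"\x01" + bytes(300)))   # 2-octet length on purpose

if __name__ == "__main__":
    print("recipients:", recipients(SAMPLE))
    only_sam = keep_recipients(SAMPLE, [SAM])
    print("Sam only: %d -> %d bytes, recipients %s" % (len(SAMPLE), len(only_sam), recipients(only_sam)))
```

Two caveats a practitioner should keep in mind. If the sender used a hidden recipient (gpg's --hidden-recipient / --throw-keyids), the PKESK key ID field is all zeros and the packets cannot be told apart from the outside, so this filtering is impossible. And nothing here touches the session key itself: each kept PKESK still carries a copy of the same session key, so anyone who can open one copy can also decrypt the original C with every recipient's copy removed but their own.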



