Remove key from an encrypted file?

David Shaw dshaw at jabberwocky.com
Wed Oct 6 21:12:31 CEST 2010 

On Oct 6, 2010, at 1:19 PM, Benjamin Bressman wrote:

> If I use GnuPG to encrypt a file with multiple keys is it possible to
> remove one of those keys at a later date?
> 
> Let's say I encrypt sensitive information so that three users could
> decrypt it, but one of those users leaves the organization at some
> point. Could I just remove that key's access to the file, or would I
> need to decrypt the file and then re-encrypt it with only the desired keys?

You can remove a single key's access to the file, but it might not work the way you intended.

> I'm assuming the file encryption is symmetric using a "random" key, and
> then that "random" key is encrypted asymmetrically once for each of the
> multiple keys, but let me know if that's not the case.

That is correct.

An encrypted message consists of several OpenPGP packets, concatenated together.  So for example, if I encrypt a file to Alice, Baker, and Charlie's keys, I'll end up with something that looks like this (somewhat simplified - see RFC-4880 for the actual bits):

     (session key encrypted to Alice) + (session key encrypted to Baker) + (session key encrypted to Charlie) + (encrypted data)

If I wanted to remove Alice's access to the file, I could just strip off her packet, thus leaving:

     (session key encrypted to Baker) + (session key encrypted to Charlie) + (encrypted data)

Now, Alice won't be able to decrypt that file.  However (and this is the potential gotcha), it does not affect any copies of the file that Alice already has.  So if you encrypt your data for three users, and one of those users makes a copy of the encrypted file before you strip his access, that user can still decrypt since he's working off a copy that still has the session key encrypted to him.

Note that this isn't a problem specific to stripping a single key from a file.  The same problem exists when re-encrypting to the remaining people.  Either way, if Alice makes a copy before you strip or re-encrypt, she has the file and can decrypt it.

David

More information about the Gnupg-users mailing list