Add/remove recipient without re-encrypting

Hauke Laging mailinglisten at
Thu Feb 3 16:07:50 CET 2011

Am Donnerstag 03 Februar 2011 15:38:12 schrieb Alphazo:
> Is it possible to add or remove a recipient to an already encrypted file
>  and thus without re-encrypting the whole file?

Not an answer but a proposal:

I have read this question several times on this list. I know that this is 
possible today but complicated (and AFAIK not part of the gpg documentation). 
I prefer an easy solution within gpg. Thus I suggest the feature that 
recipient packets can be stored in a seperate file. Thus only a small file has 
to be changed (extended or partially erased).

A solution with better compatibility would be: The session key of the content 
file is the encrypted content of the recipients file. Thus implementations 
with a feature like --override-session-key can still access the content file 
(with some manual assistance) if they don't support such an extension file.

That could look like this:

gpg --encrypt --recipient 11111111 --recipient 11111112 file.txt

would change to

gpg --encrypt --recipient 11111111 --ext-rec-file  --recipient 11111112 \

with all recipients given after --ext-rec-file (or --ext-rec-file=filename) 
being written to the extension file.

If this is not implemented and we stick to "you would need to write the tool 
yourself" then it might be helpful to add the option to write some dummy 
recipients (just to have enough space in the file which can be overwritten).

PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110203/8c944098/attachment.pgp>

More information about the Gnupg-users mailing list