Add/remove recipient without re-encrypting

Nicolas Boullis nboullis at
Thu Feb 3 16:56:41 CET 2011


On Thu, Feb 03, 2011 at 03:38:12PM +0100, Alphazo wrote:
> Is it possible to add or remove a recipient to an already encrypted file and
> thus without re-encrypting the whole file?
> From what I understand GnuPG encrypts the payload (my binary file) with a
> symmetric session key. Then it stores each recipient key ID (optional) as
> well as an encrypted version of the session key using the public key of the
> recipient (asymmetric encryption).
> Assuming I own the private key of one the original recipient, could GnuPG
> decrypt the session key and add/remove new recipients to the existing file?

For what it's worth, I tried to write such a tool for my own, and 
annouced it on this list; see
for the announcement.

If you are interrested, I think it would be possible to resurrect this 


Nicolas Boullis

More information about the Gnupg-users mailing list