Seperate Session Key and Encrypted Data

Daniel Koszta daniel.koszta at
Thu Oct 1 17:57:36 CEST 2015

You can use the --show-session-key and --override-session-key option for

$ gpg --encrypt <<< "Test Message" > msg
$ gpg --decrypt --show-session-key msg
$ gpg --decrypt --override-session-key 'the_session_key_gpg_gave_you'

Note that you do not need your private key for the last operation.

However, I'm not sure of the security implications of this. From the gpg

> We think that Key Escrow is a Bad Thing

(Sorry if this message appear twice on the list; I couldn't see the first
one either in my inbox or the archives of the mailing list.)

2015-10-01 16:38 GMT+02:00 Christian Loehle <cloehle at>:

> I want to use gpg to encrypt a potentially large file to some
> (cloud-like) storage provider, the recipients are not known at the time
> of uploading.
> What I want to do is to send the encrypted session key of the file to a
> recipient, when I 'add' them, without re-uploading or even touching the
> original (encrypted) file.
> This should be possible, does anyone know how to? I'm also open to other
> suggestions.
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20151001/22987f8a/attachment-0001.html>

More information about the Gnupg-users mailing list