Key management for archives

NdK ndk.clanbo at
Tue Jun 6 14:39:56 CEST 2017

Hello all.

I'd need to handle an archive with many big files (~200GB each). The
system receives "plain" files in a "dropbox" folder, then encrypts 'em
to a (set of) public key(s) (no corresponding private keys on this
system) and deletes source files.
Up to this point it should be OK (a cronnable script with a lot of
checks is mostly ready).

But my big doubt is how to handle archive reading in an efficient way.
The naive way would be to let an authorized user decode the file and
reencode it for the requester, but that would mean that this authorized
user should have quite a lot of space available (twice the dataset size,
at least).
Is it possible to "extract" the used session key, so that the requester
just ignores the asymmetric crypto and just uses the symmetric key to
decode the file? Drawbacks? Other ideas?


More information about the Gnupg-users mailing list