Is it possible to require two private keys to decrypt with gpg?

Oscar Carlsson oscar at prutt.party
Sun Dec 26 12:06:00 CET 2021


Christian Chavez via Gnupg-users <gnupg-users at gnupg.org> writes:

> Hi!
>
> I've currently got some sensitive data I'd like to require _two_ gpg keys for decryption/unlocking.
>
> As in both are needed (AND operation), not that either can decrypt on their own (OR operation).
> I can only find description of AND operation in manpages/tutorials online.
>
> I'm hoping for a solution which doesn't just require encrypting twice (though I admit that will give the same security benefit).
> The reason why I'd like a "single gpg command solution" is the hope that such a magical incantation would play well with other tools, such as pass for
> passwordstore (e.g.).
>
> Anyone on this mailing list got any tips on how that might be achieved?

Hi,

I think Shamir's Secret Sharing might be interesting to read up about -
I'm not sure about it's support in GnuPG or similar, tho.

https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing


Regards,
Oscar



More information about the Gnupg-users mailing list