Is it possible to add a recipient to an already encrypted file in GPG?
Solution 1:
Short answer: no
First of all, note that if you are not one of the recipients, it is completely impossible. You do not even have the ability to decrypt the file, much less add a recipient. Even if you encrypted it two seconds ago.
Assuming you are a recipient, it is technically possible. The file is actually encrypted with a session key and the session key is encrypted with your public key, so you could in theory decrypt the session key and reencrypt it to another persons' key, and then package everything together in a file just as if you had originally encrypted the document to both people.
However, gpg does not have this capability. The closest you can get with gpg is
- Use the
--show-session-key
option to get the session key (which seems to also decrypt the file, missing the point in this case) - Encrypt that session key to someone else's public key (actually, this creates a new session key and uses that session key to encrypt the original session key)
- Send the both files.
- The recipient can decrypt the session key and use
--override-session-key
to decrypt the original message.
Solution 2:
1) This situation is why encrypting a file to yourself (as well as the intended recipients) is always a good idea. RedGrittyBrick is correct above in describing how GPG and PGP work, which flows into nathang's answer above.
2) However, if you have the original file, you're best off to simply create a new encrypted file to the new recipient.
Assuming you don't want to go the session key route from nathang's suggestion, if you encrypted the file to yourself (as above in #1) in the first place, then decrypt it and then follow step #2 above.
If you neither have the original nor encrypted it to yourself, you cannot get the data back and cannot encrypt it to anyone else without that first recipient sending you back a copy.