Encrypt file using PGP/GPG having multiple recipients [duplicate]
I have used GPG for some time and know a little about the inner workings. For example I know how to encrypt a file with your public key so only you can open it with your private key, neat.
But actually what happens is (to my understanding):
- A random passphrase is generated.
- File is encrypted with this passphrase symmetrically.
The passphrase is encrypted asymmetrically with the public key of the receiver and stored in the file.
Receiver decrypts passphrase using private key.
- Receiver decrypts file using passphrase.
AFAIK this is done to increase speed drastically, plus have a new secret every time makes it harder to guess the password, in theory.
So my actual question is, is it possible to have multiple recipients?
For example.. I have a 10GB file, want to share it with 5 friend or colleagues, do I really need to re-encrypt it 5 times, storing 50GB OR is it possible to encrypt the randomly chosen passphrase (for symmetric encryption) 5 times using 5 public keys and put those in the file header?
Or did I just share an idea to the world that I should have patented? =)
Solution 1:
Sorry I searched but didn't find it, will do more digging next time.. I found the answers based on the comments:
PGP encrypt single message for multiple recipients
https://stackoverflow.com/questions/597188/encryption-with-multiple-different-keys
Solution 2:
You can encrypt it once with a symmetric key which you generate.
Then you will also need to encrypt that symmetric key 5 times with the public keys of the 5 intended recipients.
Each recipient then gets 2 packages:
- one small encrypted symmetric key which they decrypt with their private key, and
- one large chunk which they decrypt with the symmetric key they have just uncovered via step 1.
I'm not a security professional and so my advise is only food for thought.