emacs-orgmode
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [O] org-crypt & multiple recipients


From: Eric S Fraga
Subject: Re: [O] org-crypt & multiple recipients
Date: Tue, 27 Oct 2015 14:20:30 +0000
User-agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.0.50 (gnu/linux)

On Monday, 26 Oct 2015 at 14:45, Nick Anderson wrote:

[...]

> But I guess I don't understand why there would have to be a header for
> each recipient (other than current implementation limitations with
> org-crypt).
>
> Currently the CRYPTKEY property identifies the email address or KEY that
> you want to encrypt for. If I have multiple of the same property the one
> that is listed first seems to be used.
>
> What if there were a CRYPTKEYS property that took a space separated list
> of keys or emails?

The logic, AFAIK, is that the main text is encrypted with a so-called
session key.  The key for this is then encrypted for each recipient
using their public key and only they can decrypt (with their private
key) this element, called a header.  Therefore, if you have multiple
recipients, you need multiple headers, i.e. multiple copies of the
session key each encrypted for a single recipient.

I hope this makes sense.

No matter how you do it, encrypting some text for multiple recipients
using PKI requires multiple copies of something, whether the original
text or a key used to encrypt that text.
-- 
: Eric S Fraga (0xFFFCF67D), Emacs 25.0.50.2, Org release_8.3.2-209-gba4d33



reply via email to

[Prev in Thread] Current Thread [Next in Thread]