Re: [O] org-crypt & multiple recipients
From: Eric S Fraga
Subject: Re: [O] org-crypt & multiple recipients
Date: Tue, 27 Oct 2015 14:20:30 +0000
User-agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.0.50 (gnu/linux)

On Monday, 26 Oct 2015 at 14:45, Nick Anderson wrote:
[...]
> But I guess I don't understand why there would have to be a header for
> each recipient (other than current implementation limitations with
> org-crypt).
>
> Currently the CRYPTKEY property identifies the email address or KEY that
> you want to encrypt for. If I have multiple of the same property the one
> that is listed first seems to be used.
>
> What if there were a CRYPTKEYS property that took a space separated list
> of keys or emails?

The logic, AFAIK, is that the main text is encrypted with a so-called
session key. The key for this is then encrypted for each recipient
using their public key and only they can decrypt (with their private
key) this element, called a header. Therefore, if you have multiple
recipients, you need multiple headers, i.e. multiple copies of the
session key each encrypted for a single recipient.
I hope this makes sense.

No matter how you do it, encrypting some text for multiple recipients
using PKI requires multiple copies of something, whether the original
text or a key used to encrypt that text.
--
: Eric S Fraga (0xFFFCF67D), Emacs 25.0.50.2, Org release_8.3.2-209-gba4d33
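
The layout described in the message above (one encrypted body, one wrapped session key per recipient), as an added example that is not part of the original post and is not org-crypt or GnuPG code. The textbook RSA on small fixed primes and the hash-based XOR stream are toy stand-ins chosen so the block runs with the standard library only; the recipient names and sample text are constructed.

```python
# Added illustration of the message layout only. Toy primitives, NOT secure:
# real OpenPGP uses padded public-key encryption and a vetted symmetric cipher.
import hashlib
import secrets

E = 65537  # public exponent shared by the toy keys


def make_keypair(p, q):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return {"pub": (n, E), "priv": (n, d)}


def _xor_stream(key, data):
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_for(recipients, plaintext):
    """Encrypt the text once; emit one session-key header per recipient."""
    session_key = secrets.token_bytes(16)
    k = int.from_bytes(session_key, "big")
    headers = {name: pow(k, e, n) for name, (n, e) in recipients.items()}
    return {"headers": headers, "body": _xor_stream(session_key, plaintext)}


def decrypt_as(name, priv, message):
    """Unwrap this recipient's header, then decrypt the shared body."""
    n, d = priv
    k = pow(message["headers"][name], d, n)
    return _xor_stream(k.to_bytes(16, "big"), message["body"])


# Constructed sample: two recipients, keys built from Mersenne primes.
ALICE = make_keypair(2**61 - 1, 2**89 - 1)
BOB = make_keypair(2**107 - 1, 2**127 - 1)
TEXT = b"* Secret heading\nbody of the encrypted Org entry\n"
MSG = encrypt_for({"alice": ALICE["pub"], "bob": BOB["pub"]}, TEXT)
```

Adding a recipient adds one entry to `headers`; the `body` stays a single copy of the same length as the text.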