As an example, let's say that Alice signs a message with her secret key and encrypts the message and signature with Trent's public key. Trent decrypts the message and signature with his secret key, verifies Alice's signature using her public key, and then re-encrypts the message and Alice's signature using Bob, Carol and Zoe's public keys. The three of them are able to decrypt the message with their own secret keys and verify Alice's signature using her public key. In this role Trent acts like a trusted third party mailing relay.
I've been able to use gpgsplit to generate the separate packets from the outer-most encrypted message (the encrypted session key and the symetric encrypted data packet), but do not know how to get the data packets from the message once it has been decrypted. Looking at the output from gpg --list-packets, I'm interested in the 'onepass_sig', 'literal data' and 'signature' packets that are nested in the 'encrypted data' packet:
:pubkey enc packet: version 3, algo 16, keyid 366DE80896CDC35C data: [2048 bits] data: [2048 bits] :encrypted data packet: length: 205 mdc_method: 2 gpg: encrypted with 2048-bit ELG-E key, ID 96CDC35C, \ created 2008-04-06 "Test Key " :compressed packet: algo=2 :onepass_sig packet: keyid 317BCDBAC7BE611A version 3, sigclass 00, digest 2, pubkey 17, last=1 :literal data packet: mode b (62), created 1207514699, name="clear.txt", raw data: 128 bytes :signature packet: algo 17, keyid 317BCDBAC7BE611A version 3, created 1207514699, md5len 5, sigclass 00 digest algo 2, begin of digest 8e 1e data: [158 bits] data: [158 bits]
I'd like to do this with the command line gpg tools, but have not found any way to extract the individual packets and then to re-assemble them with a new symetric session key. Another option that I am considering is to use the Perl module Crypt::OpenPGP, or perhaps raw access to libgcrypt. The easy API of gpgme doesn't seem to have the flexibility to do what I need, although I might be overlooking something.