tags:

views:

909

answers:

2
+6  Q: 

Encryption with multiple different keys?

Is there a way to store data in an encrypted way such that it can be decrypted with several different keys?

IE, if I've encrypted data with key1, but I want to be able to decrypted with keys 2, 3, and 4.

Is this possible?

+4  A: 

Yes, it's possible. Google "multiparty encryption" for a start.

AFAIK, there are no drop 'em in and use 'em packages for it though.

-- MarkusQ

P.S. For a sketch of how it could be done, consider this. The encrypted message consists of:

  • the payload, encrypted with a one-time pad
  • the one time pad, encrypted with key1
  • the one time pad, encrypted with key2
  • ...
  • the one time pad, encrypted with keyN

The recipient who hold key i just decrypts their copy of the pad with their key, and then decrypts the payload.

However, this is just a proof that it could be done and would suck as an actual implementation. If at all possible, you should avoid rolling your own encryption. If you don't understand why, you should definitely avoid rolling your own encryption.

-----Edit ------------

If I'm wrong and the Gnu tools do that, use them. But I can't seem to find any information on how to do it.

MarkusQ  2009-02-28 00:31:56
What might suck about this is that once you know the one time pad, you have a known plain text, along with the encrypted values for other keys. Using this information, you could make it easier to find out what the others keys are.
Kibbee  2009-02-28 02:57:10
Googling "multiparty encryption" doesn't turn up much. You'll likely have better luck with "broadcast encryption" which encompasses this case as well.
stak  2010-10-17 01:40:03
+8  A: 

GnuPG does multi-key encryption in standard.

The following command will encrypt doc.txt using the public key for Alice and the public key for bob. Alice can decrypt using or private key. Bob can also decrypt using his private key.

gpg --encrypt --recipient [email protected] \
    --recipient [email protected] doc.txt

This feature is detailed in the user guide section entitled "Encrypting and decrypting documents"

David Segonds  2009-02-28 00:34:23
I took a quick look at GnuPG doco, but couldn't find mulit-key decryption. Would you mind pointing out where it is? Thanks.
Mitch Wheat  2009-02-28 00:39:19
Ditto. It be cool to know how to do that, but I can't find hide no man page on it.
MarkusQ  2009-02-28 02:49:02
Added more info.
David Segonds  2009-02-28 08:59:15

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords