From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eric S Fraga <e.fraga@ucl.ac.uk>
Subject: Re: org-crypt & multiple recipients
Date: Tue, 27 Oct 2015 14:20:30 +0000
Message-ID: <874mhcz93l.fsf@ucl.ac.uk>
References: <562D6820.9070203@cmdln.org>
	<87a8r66mcc.fsf@pinto.chemeng.ucl.ac.uk>
	<87611u9e8f.fsf@univ-nantes.fr>
	<874mhdc1pm.fsf@pinto.chemeng.ucl.ac.uk> <562E82BC.1080101@cmdln.org>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51059)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <e.fraga@ucl.ac.uk>) id 1Zr57E-0006Ij-4H
	for emacs-orgmode@gnu.org; Tue, 27 Oct 2015 10:20:49 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <e.fraga@ucl.ac.uk>) id 1Zr579-0003Lq-Tt
	for emacs-orgmode@gnu.org; Tue, 27 Oct 2015 10:20:43 -0400
Received: from mail-db3on0115.outbound.protection.outlook.com
	([157.55.234.115]:12672
	helo=emea01-db3-obe.outbound.protection.outlook.com)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <e.fraga@ucl.ac.uk>) id 1Zr579-0003Ig-KZ
	for emacs-orgmode@gnu.org; Tue, 27 Oct 2015 10:20:39 -0400
In-Reply-To: <562E82BC.1080101@cmdln.org> (Nick Anderson's message of "Mon, 26
	Oct 2015 14:45:00 -0500")
List-Id: "General discussions about Org-mode." <emacs-orgmode.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-orgmode>
List-Post: <mailto:emacs-orgmode@gnu.org>
List-Help: <mailto:emacs-orgmode-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-orgmode>,
	<mailto:emacs-orgmode-request@gnu.org?subject=subscribe>
Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
Sender: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org
To: Nick Anderson <nick@cmdln.org>
Cc: Org Mode List <emacs-orgmode@gnu.org>, =?utf-8?Q?Gr=C3=A9goire?= Jadi <gregoire.jadi@univ-nantes.fr>

On Monday, 26 Oct 2015 at 14:45, Nick Anderson wrote:

[...]

> But I guess I don't understand why there would have to be a header for
> each recipient (other than current implementation limitations with
> org-crypt).
>
> Currently the CRYPTKEY property identifies the email address or KEY that
> you want to encrypt for. If I have multiple of the same property the one
> that is listed first seems to be used.
>
> What if there were a CRYPTKEYS property that took a space separated list
> of keys or emails?

The logic, AFAIK, is that the main text is encrypted with a so-called
session key.  The key for this is then encrypted for each recipient
using their public key and only they can decrypt (with their private
key) this element, called a header.  Therefore, if you have multiple
recipients, you need multiple headers, i.e. multiple copies of the
session key each encrypted for a single recipient.

I hope this makes sense.

No matter how you do it, encrypting some text for multiple recipients
using PKI requires multiple copies of something, whether the original
text or a key used to encrypt that text.
-- 
: Eric S Fraga (0xFFFCF67D), Emacs 25.0.50.2, Org release_8.3.2-209-gba4d33