all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* org-crypt & multiple recipients
@ 2015-10-25 23:39 Nick Anderson
  2015-10-26  8:54 ` Eric S Fraga
  0 siblings, 1 reply; 6+ messages in thread
From: Nick Anderson @ 2015-10-25 23:39 UTC (permalink / raw)
  To: Org Mode List

I was playing with org-crypt today and it's pretty nifty.

While encrypting things for myself is the primary use case, I have other
team members that also use org-mode. It occurred to me that it would be
neat if I could specify a list of users to encrypt a node for. Then we
could share an org file and a node could be decrypted by individual.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: org-crypt & multiple recipients
  2015-10-25 23:39 org-crypt & multiple recipients Nick Anderson
@ 2015-10-26  8:54 ` Eric S Fraga
  2015-10-26  9:21   ` Grégoire Jadi
  0 siblings, 1 reply; 6+ messages in thread
From: Eric S Fraga @ 2015-10-26  8:54 UTC (permalink / raw)
  To: Nick Anderson; +Cc: Org Mode List

On Sunday, 25 Oct 2015 at 18:39, Nick Anderson wrote:
> I was playing with org-crypt today and it's pretty nifty.
>
> While encrypting things for myself is the primary use case, I have other
> team members that also use org-mode. It occurred to me that it would be
> neat if I could specify a list of users to encrypt a node for. Then we
> could share an org file and a node could be decrypted by individual.

This is fundamentally difficult with a public key encryption system: you
would have to have separate copies of the encrypted text, one for each
recipient?

Maybe you could have a separate private/public key pair that is shared
for group work instead?

-- 
: Eric S Fraga (0xFFFCF67D), Emacs 24.5.1, Org release_8.3beta-1229-ge900eb

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: org-crypt & multiple recipients
  2015-10-26  8:54 ` Eric S Fraga
@ 2015-10-26  9:21   ` Grégoire Jadi
  2015-10-26 11:24     ` Eric S Fraga
  0 siblings, 1 reply; 6+ messages in thread
From: Grégoire Jadi @ 2015-10-26  9:21 UTC (permalink / raw)
  To: Eric S Fraga; +Cc: Org Mode List, Nick Anderson

[-- Attachment #1: Type: text/plain, Size: 1114 bytes --]


Eric S Fraga writes:

> On Sunday, 25 Oct 2015 at 18:39, Nick Anderson wrote:
>> I was playing with org-crypt today and it's pretty nifty.
>>
>> While encrypting things for myself is the primary use case, I have other
>> team members that also use org-mode. It occurred to me that it would be
>> neat if I could specify a list of users to encrypt a node for. Then we
>> could share an org file and a node could be decrypted by individual.
>
> This is fundamentally difficult with a public key encryption system: you
> would have to have separate copies of the encrypted text, one for each
> recipient?
>
> Maybe you could have a separate private/public key pair that is shared
> for group work instead?

GPG supports multiple-recipient with --recipient
See
https://stackoverflow.com/questions/597188/encryption-with-multiple-different-keys/23725786#23725786

And the answer below explains how GPG/PGP does to not have to copy the
text for each recipient.
https://stackoverflow.com/questions/597188/encryption-with-multiple-different-keys/28206835#28206835

Best,

-- 
Grégoire Jadi

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: org-crypt & multiple recipients
  2015-10-26  9:21   ` Grégoire Jadi
@ 2015-10-26 11:24     ` Eric S Fraga
  2015-10-26 19:45       ` Nick Anderson
  0 siblings, 1 reply; 6+ messages in thread
From: Eric S Fraga @ 2015-10-26 11:24 UTC (permalink / raw)
  To: Grégoire Jadi; +Cc: Org Mode List, Nick Anderson

On Monday, 26 Oct 2015 at 10:21, Grégoire Jadi wrote:
> GPG supports multiple-recipient with --recipient

I stand corrected!  Thanks.  Interesting hybrid encryption approach.

However, although the main text is not copied, the header (which has the
session key, as it is called, used to encrypt the main text) is so there
will need to be a structure which has the multiple headers, one for each
recipient, in the org file.

-- 
: Eric S Fraga (0xFFFCF67D), Emacs 24.5.1, Org release_8.3beta-1229-ge900eb

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: org-crypt & multiple recipients
  2015-10-26 11:24     ` Eric S Fraga
@ 2015-10-26 19:45       ` Nick Anderson
  2015-10-27 14:20         ` Eric S Fraga
  0 siblings, 1 reply; 6+ messages in thread
From: Nick Anderson @ 2015-10-26 19:45 UTC (permalink / raw)
  To: Grégoire Jadi, Org Mode List

On 10/26/2015 06:24 AM, Eric S Fraga wrote:
> On Monday, 26 Oct 2015 at 10:21, Grégoire Jadi wrote:
>> GPG supports multiple-recipient with --recipient
> 
> I stand corrected!  Thanks.  Interesting hybrid encryption approach.
> 
> However, although the main text is not copied, the header (which has the
> session key, as it is called, used to encrypt the main text) is so there
> will need to be a structure which has the multiple headers, one for each
> recipient, in the org file.

Thanks for the link describing the multiple-recipient handling, good read.

But I guess I don't understand why there would have to be a header for
each recipient (other than current implementation limitations with
org-crypt).

Currently the CRYPTKEY property identifies the email address or KEY that
you want to encrypt for. If I have multiple of the same property the one
that is listed first seems to be used.

What if there were a CRYPTKEYS property that took a space separated list
of keys or emails?

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: org-crypt & multiple recipients
  2015-10-26 19:45       ` Nick Anderson
@ 2015-10-27 14:20         ` Eric S Fraga
  0 siblings, 0 replies; 6+ messages in thread
From: Eric S Fraga @ 2015-10-27 14:20 UTC (permalink / raw)
  To: Nick Anderson; +Cc: Org Mode List, Grégoire Jadi

On Monday, 26 Oct 2015 at 14:45, Nick Anderson wrote:

[...]

> But I guess I don't understand why there would have to be a header for
> each recipient (other than current implementation limitations with
> org-crypt).
>
> Currently the CRYPTKEY property identifies the email address or KEY that
> you want to encrypt for. If I have multiple of the same property the one
> that is listed first seems to be used.
>
> What if there were a CRYPTKEYS property that took a space separated list
> of keys or emails?

The logic, AFAIK, is that the main text is encrypted with a so-called
session key.  The key for this is then encrypted for each recipient
using their public key and only they can decrypt (with their private
key) this element, called a header.  Therefore, if you have multiple
recipients, you need multiple headers, i.e. multiple copies of the
session key each encrypted for a single recipient.

I hope this makes sense.

No matter how you do it, encrypting some text for multiple recipients
using PKI requires multiple copies of something, whether the original
text or a key used to encrypt that text.
-- 
: Eric S Fraga (0xFFFCF67D), Emacs 25.0.50.2, Org release_8.3.2-209-gba4d33

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2015-10-27 14:20 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-10-25 23:39 org-crypt & multiple recipients Nick Anderson
2015-10-26  8:54 ` Eric S Fraga
2015-10-26  9:21   ` Grégoire Jadi
2015-10-26 11:24     ` Eric S Fraga
2015-10-26 19:45       ` Nick Anderson
2015-10-27 14:20         ` Eric S Fraga

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.