Yes I think I can live with those characteristics of the system. Thanks for 
your analysis!

-Adrian  
-----Original Message-----
From: David Shaw <[EMAIL PROTECTED]>

Date: Tue, 5 Feb 2008 13:50:56 
To:Adrian Thurston <[EMAIL PROTECTED]>
Cc:gnupg-users@gnupg.org
Subject: Re: can you see any problem with this?


On Tue, Feb 05, 2008 at 01:28:08PM -0500, Adrian Thurston wrote:
> My application is here:
> 
> http://www.cs.queensu.ca/~thurston/fif/
> 
> I'm encrypting messages and making them publicly available over static
> HTTP. Anyone who knows the right URL can grab a message and I don't want
> recipients to be identifiable.
> 
> Another issue is that the number of recipients and the size of messages
> may both get very large. A single encrypted message is therefore very
> attractive.

In that case, doing something like this may work for you:

gpg -o output.gpg -R recipient1 -R recipient2 -e thefile.txt
gpgsplit output.gpg

for i in *.pk_enc
do
  cat $i *.encrypted > `echo $i | sed -e 's/\-001\.pk_enc//'`
done

You'll end up with a directory full of files, one per recipient, and
each a valid OpenPGP message, but all of them protected via
throw-keyid.  I'll leave it as an exercise for the reader to determine
which file goes with which recipient ;)

Caveats:
  If Alice and Baker both get a message, and Alice knows which file
  Baker got, Alice can decrypt Baker's message using her own session
  key, thus revealing to Alice that Baker got the same message that
  Alice did.

  The "non-identifiable" feature with -R (aka throw-keyid) is only as
  good as throw-keyid is, which is pretty good but not perfect.

You may or may not care about these caveats.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to