Page MenuHome GnuPG
Create Task
Maniphest T1825

Add a re-encrypt to additional key
Closed, ResolvedPublic
Actions

Description

It is sometimes useful to have a long-term storage key and a feature in the MUA
to add an additional public key encrypted packet to a message which was
encrypted to a temporary key.

Revisions and Commits

rG GnuPG
rG600df5259db0 gpg: Detect duplicate keys with --add-recipients.
rGd528d0b06533 gpg: New commands --add-recipients and --change-recipients.
rG1695cf267edf gpg: New option --show-only-session-key
rM GPGME
rMcd79fc39736f core: New encryption flags GPGME_ENCRYPT_ADD_RECP and _CHG_RECP.

Related Objects
Search...

Event Timeline

werner added projects: Feature Request, gnupg.Feb 2 2015, 6:32 PM
werner added a subscriber: werner.
neal added a subscriber: neal.Jun 12 2015, 4:12 PM

Does encrypt-to/hidden-encrypt-to in gpg.conf do this?

neal added a comment.Nov 18 2015, 1:48 PM

I now see I misunderstood the problem description.

The point is that a user has a message that is encrypted to key X. After
receiving the message, he wants to allow another key (say Y) to decrypt the
message by adding a symmetrically encrypted data packet to the message for Y,
i.e., without reencrypting the whole thing.

werner added a comment.Dec 1 2015, 7:01 PM

Right, or for example to re-encrypt a message to a workmate.

werner edited projects, added gnupg24; removed gnupg.Jan 19 2023, 3:32 PM
werner added a comment.Apr 23 2024, 2:10 PM

Another important use-case is to provide a way to migrate to a newer smartcard.

werner added a project: Restricted Project.Apr 23 2024, 2:10 PM
werner raised the priority of this task from Normal to High.Jun 6 2024, 11:23 AM
werner added a commit: rG1695cf267edf: gpg: New option --show-only-session-key.Jun 24 2024, 4:31 PM
werner added a commit: rGd528d0b06533: gpg: New commands --add-recipients and --change-recipients..Sep 9 2024, 4:48 PM
werner added a comment.Sep 9 2024, 4:51 PM

This has now been implemented for gnupg26 for public key encryption. However, symmetric key encryption, a man page, and the gpgme support are missing right now.

werner added a commit: rMcd79fc39736f: core: New encryption flags GPGME_ENCRYPT_ADD_RECP and _CHG_RECP..Sep 9 2024, 5:49 PM
werner mentioned this in T7191: Release GnuPG 2.5.1.Sep 12 2024, 12:22 PM
werner mentioned this in T7376: Release GPGME 1.24.0.Nov 6 2024, 11:41 AM
ikloecker mentioned this in T7395: Prepare Release Notes for Gpg4win 4.4.0 for Kleopatra.Nov 14 2024, 9:23 AM
werner added a commit: rG600df5259db0: gpg: Detect duplicate keys with --add-recipients..Sep 26 2025, 4:25 PM
werner mentioned this in T7869: Release GnuPG 2.5.14.Oct 22 2025, 2:18 PM
werner mentioned this in T7801: Release GnuPG 2.5.13.Oct 22 2025, 2:21 PM
werner changed the task status from Open to Testing.Oct 22 2025, 2:25 PM
werner edited projects, added gnupg26; removed gnupg24.
werner moved this task from Backlog to QA on the gnupg26 board.
timegrid edited projects, added gpd5x; removed Restricted Project.Fri, Dec 12, 2:57 PM
timegrid moved this task from Backlog to QA on the gpd5x board.
timegrid moved this task from QA to Done on the gpd5x board.Tue, Jan 6, 12:28 PM
timegrid added a subscriber: timegrid.

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

  • gpg --show-only-session-key --decrypt FILE shows only the session key
  • gpg --add-recipients -r UID1 FILE adds recipients (tested with one or more uids)
  • gpg --change-recipients -r UID FILE changes the recipients (tested with one or more uids)
timegrid moved this task from QA to Done on the gnupg26 board.Tue, Jan 6, 12:28 PM
werner added a comment.Tue, Jan 6, 12:53 PM

Regarding my comment T1825#191055 : The mane page has long been updated and gpgme support is also available. For the symmetric session key, see the feature request T8016

timegrid closed this task as Resolved.Tue, Jan 6, 12:57 PM
timegrid claimed this task.