GPG encryption to multiple recipients

It is a little-known feature of GPG: you can encrypt a file to multiple recipients.
The data is encrypted only once, with an intermediary (session) key, and only that key is encrypted for each recipient, so the resulting file is not much bigger.

While it is mostly used for e-mails, I am currently using it for encrypted backups.
After all, one of the issues with encrypted backups is that if you lose the key, you can’t decrypt them, and only one person can decrypt them anyway (and you can’t back up people yet).

My goal was not to be a single point of failure for the newly founded Association Weboob. The result is that, while our user database is hosted on my server, it is backed up outside of it and three people (members of the board) can decrypt it.

To use that feature, just provide the --recipient option multiple times, for example:

gpg --recipient 42FF42FF \
    --recipient 12345678 \
    --recipient FEFEFEFE \
    --encrypt-files backup.tar
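
To check that a backup really is decryptable by every intended recipient before it leaves the server, you can read the session-key packets at the start of the file. The following is an added example, not part of the original post: it assumes binary (non-armored) output with version-3 session-key packets as defined in RFC 4880, and the 64-bit key IDs in `BOARD` are constructed (gpg records the ID of each recipient's encryption key or subkey, not the short IDs used on the command line).

```python
PKESK = 1  # Public-Key Encrypted Session Key packet tag (RFC 4880, section 5.1)

def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None when the length
    is partial or indeterminate, as it usually is for the bulk data packet."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored file?)")
    if first & 0x40:  # new-format header
        tag, l1 = first & 0x3F, buf[pos + 1]
        if l1 < 192:
            return tag, pos + 2, l1
        if l1 < 224:
            return tag, pos + 3, ((l1 - 192) << 8) + buf[pos + 2] + 192
        if l1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        return tag, pos + 1, None
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def recipients(buf):
    """Key IDs in the leading v3 PKESK packets and the bytes those packets occupy."""
    pos, key_ids = 0, []
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if tag != PKESK or length is None:
            break  # first non-PKESK packet: the encrypted data itself
        body = buf[start:start + length]
        if len(body) < 10 or body[0] != 3:
            raise ValueError("truncated or non-v3 PKESK packet")
        key_ids.append(body[1:9].hex().upper())  # all zeros if --throw-keyids was used
        pos = start + length
    return key_ids, pos

def missing_recipients(buf, expected):
    """Expected key IDs that have no session-key packet in the file."""
    return sorted(set(expected) - set(recipients(buf)[0]))

# Constructed sample (not real gpg output): three PKESK packets, then a stub data packet.
BOARD = ["AAAAAAAA42FF42FF", "BBBBBBBB12345678", "CCCCCCCCFEFEFEFE"]
def _pkesk(key_id, first_octet):
    body = b"\x03" + bytes.fromhex(key_id) + b"\x01" + b"\x00\x08\xAA"
    return bytes([first_octet, len(body)]) + body
SAMPLE = (_pkesk(BOARD[0], 0x84) + _pkesk(BOARD[1], 0x84)
          + _pkesk(BOARD[2], 0xC1) + b"\xD2\x05\x01\xDE\xAD\xBE\xEF")
```

The second value returned by `recipients` is the total size of the per-recipient packets, which is the only part of the file that grows with each added recipient.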

One Comment

  1. Sam Gleske
    Posted 2014-04-01 at 0527
    I actually have a bash script handle encrypting my backups for multiple recipients…

    https://github.com/sag47/drexel-university/blob/master/bin/gpg_encrypt_individual_files.sh

    I think you might find it of interest.

    -sag47
