It is a little-known feature of GPG: you can encrypt files to multiple recipients.
Since it uses an intermediary key, the resulting file is not that much bigger.
While it is mostly used for e-mails, I am currently using it for encrypted backups.
After all, one of the issues of encrypted backups is that if you lose the key, you can’t decrypt them, and only one person can decrypt them anyway (and you can’t back up people yet).
My goal was not to be a single point of failure for the newly founded Association Weboob. The result is that, while our user database is hosted on my server, it is backed up outside of it and three people (members of the board) can decrypt it.
To use that feature, just provide the --recipient option multiple times, for example:

    gpg --recipient 42FF42FF \
        --recipient 12345678 \
        --recipient FEFEFEFE \
        --encrypt-files backup.tar
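The intermediary key shows up in the output as one small session-key packet per recipient, followed by a single encrypted data packet. The parser below is an added example, not code from the original post: it reads the OpenPGP packet headers of a binary (non-armored) encrypted file and reports which expected key IDs have no session-key packet. The key IDs and sample bytes are constructed, and it assumes v3 session-key packets, which name the recipient's encryption subkey rather than the primary key ID given to --recipient.

```python
PKESK, SED, SEIPD = 1, 9, 18                         # RFC 4880 packet tags
def read_packets(data):
    """Yield (tag, body) per packet of a binary OpenPGP message (body None if streamed)."""
    pos = 0
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                               # new-format header
            tag, first, pos = hdr & 0x3F, data[pos], pos + 1
            if first < 192:
                length = first
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:
                length, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
            else:                                    # partial body length: stop here
                yield tag, None
                return
        else:                                        # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                           # indeterminate length: stop here
                yield tag, None
                return
            n = 1 << ltype                           # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        yield tag, data[pos:pos + length]
        pos += length

def recipient_key_ids(data):
    """Key IDs named by the session-key packets that precede the encrypted data."""
    ids = []
    for tag, body in read_packets(data):
        if tag in (SED, SEIPD):
            break
        if tag == PKESK and body and body[0] == 3:   # v3: version, 8-byte key ID, algo, MPIs
            ids.append(body[1:9].hex().upper())
    return ids

def missing_recipients(data, expected):
    """Expected key IDs with no session-key packet, i.e. people who cannot decrypt."""
    return sorted(set(expected) - set(recipient_key_ids(data)))

def _pkesk(key_id):                                  # constructed packet, toy 8-bit MPI
    body = b"\x03" + bytes.fromhex(key_id) + b"\x01\x00\x08\xff"
    return bytes([0x84, len(body)]) + body           # old format, tag 1, 1-octet length
BOARD = ["1111111111111111", "2222222222222222", "3333333333333333"]  # made-up key IDs
SAMPLE = b"".join(_pkesk(k) for k in BOARD[:2]) + b"\xd2\x05\x01" + bytes(4)  # constructed
print(recipient_key_ids(SAMPLE), missing_recipients(SAMPLE, BOARD))
```

Running gpg --list-packets on the encrypted file prints the same key IDs, so the parser is mainly useful where the check has to run without GnuPG installed.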
One Comment
https://github.com/sag47/drexel-university/blob/master/bin/gpg_encrypt_individual_files.sh
I think you might find it of interest.
-sag47