file encryption to multiple recipients

Hello, I’m almost new to this technology but I read about file encryption to multiple recipients and it looks like it should simply work (symmetric encryption using the keys to encrypt the password only).
Anyway what happens to me is that to decrypt a file I need both smartcards (I use Yubikeys)…
Any idea why? In the encryption options I couldn’t set symmetric or anything because it’s automatically set.

Hi Encrio,

when using asymmetric encryption, multiple recipients work fine.
So decrypting with access to the private key of one certificate is enough.
When using an OpenPGP cert, this is the default, so you do not have to specify
anything, just select two recipients.

As I am not familiar with YubiKeys I cannot say how they influence what you are trying to do. You could do a test run, create two OpenPGP certs in software and try how it works. (Use a test user account. You can delete them afterwards if you have not sent them somewhere.)

Best Regards,
Bernhard
ps.: Flattr Gpg4win at https://flattr.com/thing/2053326,
if you appreciate this answer and my work within the Gpg4win Initiative.

Hello Bernhard, thank you for your answer.
You gave me the clue of trying from the command line, and as a matter of fact encrypting and decrypting from the command line works, so it looks like the bug is in the gpg4win graphical interface.

Anyway, I encountered another problem: on another computer I’m not able to decrypt the file even if the smartcard is inserted. It’s because, I think, gpg simply doesn’t know of the existence of this key and it’s not smart enough to look in the smartcard itself, even if it can see the smartcard.

So… how to make clear for gpg that it has a private key on the smartcard?
Thank you and best regards

I reply to myself.
The problem is mostly some “bug” on the decryption mechanism, like I’ve read on another topic in another forum. It’s possible to encrypt and decrypt also via graphical interface. When decrypting the graphical interface will ask for inserting another card: in this case the only thing that must be done is to press “c” on the keyboard, since pressing Cancel on the graphical interface cancels the whole operation. Also using the command line the same thing could happen.

Another issue is that entering new paths in the path space in the decryption screen is a little bit tricky: I still haven’t understood how it works. If left as it is it works and eventually asks for overwriting.

Good luck!

Hi Enrico,

glad I could help in one case.

In order to make a smartcard (or any other private key and cert) work on a
different computer you have to also import the public cert corresponding to the
private key material on the smartcard. For a full setup you also have to import
your “trust” settings, this is the db that indicates to GnuPG which certs you trust
to certify others.

As for your other remarks, it helps us if you open one thread per topic,
so they can be found afterwards. Sometimes the next step is to also create
problem reports in trackers, so the developers look at it the next time.

Thanks for your interest in Gpg4win!
Best Regards,
Bernhard
ps.: Flattr Gpg4win at https://flattr.com/thing/2053326,
if you appreciate this answer and my work within the Gpg4win Initiative.
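
The software-only test run suggested earlier in the thread, followed by the cert and trust transfer described in the last reply, as an added example that is not part of the original posts. It assumes GnuPG 2.1.17 or later and a POSIX shell; the temporary `--homedir` keyrings stand in for the test user account and the "other computer", the user IDs are constructed, and no smartcard is involved (with a card, the private key stays on the card and only the public cert and trust settings are copied).

```sh
#!/bin/sh
# Added example: throwaway software keys in temporary keyrings; all names are constructed.
set -eu

# Run gpg non-interactively against the keyring given as first argument.
G() { h=$1; shift; gpg --homedir "$h" --batch --quiet --no-tty "$@"; }

new_ring() { mktemp -d; }   # empty keyring directory, created with mode 0700

gen_key() {     # $1 = keyring, $2 = user ID: unprotected test key with encryption subkey
    G "$1" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$2" future-default default never 2>/dev/null
}

copy_cert() {   # $1 = source keyring, $2 = destination: public cert only
    G "$1" --export | G "$2" --import 2>/dev/null
}

copy_trust() {  # $1 = source keyring, $2 = destination: the ownertrust ("trust") db
    G "$1" --export-ownertrust | G "$2" --import-ownertrust 2>/dev/null
}

demo() {
    alice=$(new_ring); bob=$(new_ring); sender=$(new_ring); other=$(new_ring)
    gen_key "$alice" "Alice Test <alice@example.invalid>"
    gen_key "$bob" "Bob Test <bob@example.invalid>"
    copy_cert "$alice" "$sender"; copy_cert "$bob" "$sender"
    echo "constructed test message" > "$sender/plain.txt"
    # One ciphertext, two recipients. The test certs are uncertified, hence --trust-model always.
    G "$sender" --trust-model always \
        -r alice@example.invalid -r bob@example.invalid \
        -o "$sender/msg.gpg" --encrypt "$sender/plain.txt"
    # Each private key on its own is enough to decrypt.
    by_alice=$(G "$alice" --decrypt "$sender/msg.gpg" 2>/dev/null)
    by_bob=$(G "$bob" --decrypt "$sender/msg.gpg" 2>/dev/null)
    # "Other computer": bring over Alice's public cert and her trust settings.
    copy_cert "$alice" "$other"; copy_trust "$alice" "$other"
    ultimate=$(G "$other" --export-ownertrust | grep -c ':6:$' || true)
    for r in "$alice" "$bob" "$sender" "$other"; do
        gpgconf --homedir "$r" --kill all 2>/dev/null || true
        rm -rf "$r"
    done
    # Fields: plaintext via Alice | plaintext via Bob | ultimately trusted certs on "other"
    echo "$by_alice|$by_bob|$ultimate"
}

demo
```

If both decryptions return the plaintext here but the graphical interface still asks for the second card, the difference lies in the card handling rather than in how the file was encrypted.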