How do I add more passphrases for GPG symmetric encryption?

5

With GPG I can encrypt a file symmetrically, as for example described here: How do I symmetrically encrypt a file using gpg?. On decryption it will show (among other lines):

    gpg: encrypted with 1 passphrase

How can I add more than one passphrase on encrypting the file?


Notes:

  • I know it is possible to add multiple recipients in the asymmetric encryption.
  • One can encrypt the file both symmetric and asymmetric at the same time. From the manpage of gpg:

    -e     Encrypt data. This option may be combined with --sign (for  a
           signed  and  encrypted  message),  --symmetric (for a message
           that may be decrypted via a secret key or a  passphrase),  [...]
    
  • A message on the gnupg mailing list from 2004 indicates that it is not yet possible. It is now almost 10 years later, and this might not be correct anymore.

gertvdijk

Posted 2013-08-20T10:25:56.580

Reputation: 3 396

Answers

4

GnuPG still has not implemented the ability to add multiple passphrases for symmetric encryption.

rsaw

Posted 2013-08-20T10:25:56.580

Reputation: 666

If you could add a (recent) source or reference for this, I'm happy to accept this answer. – gertvdijk – 2013-08-20T22:15:11.777

That's easy to prove: run the command (gpg -c <filename>) on something. You will be prompted for one passphrase and that's it. – Ben – 2013-09-29T22:41:42.180

3

Combine with using "ssss"
Split and Combine Secrets using Shamir's Secret Sharing Scheme.

mark

Posted 2013-08-20T10:25:56.580

Reputation: 31

I think this was unfairly downvoted, maybe an explanation of what SSSS is would have helped but I found this useful. – Andrew Mackrodt – 2018-02-06T12:16:35.437

1

Run gpg2 -c on it twice: first, the file you want to encrypt and second, the encrypted file.

rake

Posted 2013-08-20T10:25:56.580

Reputation: 181

Your Q was not entirely clear whether you wanted to require either passphrase or both passphrases to decrypt. This answers if both passphrases are required. – Xen2050 – 2016-02-14T14:21:31.067

The main problem with this I see, other than that it's now apparently not what gertvdijk wanted, is that you have to use the passphrases in a certain order. – Brōtsyorfuzthrāx – 2018-09-06T23:26:59.070

The only alternative that comes to mind is using asymmetric encryption (you can have as many recipients as you want—each of their secret keys will decrypt it), but the questioner specifically asked for symmetric. – Brōtsyorfuzthrāx – 2018-09-07T02:05:43.080

No, this doesn't work. It will result in a GPG-encrypted file within another GPG encrypted file (filename.gpg.gpg). The only way to decrypt it is by using the second and the first passphrase together. This is not what I'm asking for. Please elaborate. – gertvdijk – 2013-11-16T14:31:42.537