Remove a recipient from a message without viewing it
David Shaw
dshaw at jabberwocky.com
Sun Nov 21 17:05:33 CET 2010
On Nov 21, 2010, at 4:31 AM, Nathan Krasnopoler wrote:
> Is there a way to remove a recipient from a message without having any
> of the private keys needed to view the message?
>
> For example, if message M is encrypted to Sam, John, and Bob as text
> C, I would like to output C_s that is M encrypted only to Sam, C_j
> that is M encrypted only to John, and C_b that is M encrypted only to
> Bob.
>
> If this is possible, I think it would also preserve any signatures on M.
Yes, this is doable, but I don't know of any code already written to do it.
OpenPGP encrypted messages are constructed of a number of packets, some containing other packets when opened. So for example, you can have an encrypted packet that contains a data packet, or an encrypted packet that contains a compressed packet that contains a data packet.
In your case, I'd recommend experimenting with the 'gpgsplit' program that comes with GPG. It will break your message M into its component pieces, and you can re-stitch them together using 'cat' or the like. Run gpgsplit on your encrypted M, and you will end up with multiple files tagged "pk_enc", and one file tagged "encrypted". Each pk_enc is an encrypted session key for a particular recipient (Sam, John, or Bob). If you reassemble a single pk_enc with the encrypted file, you will have a message that is only readable by that recipient. The same thing can be done to put together an encrypted message that only two of your three recipients can handle - just include the appropriate pk_enc before the encrypted file.
You can see RFC-4880 for the internals of how packets are put together, if you're interested in the file details.
David
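The gpgsplit-and-cat procedure above, written out as a packet filter, is an added example and not part of the original post or of GnuPG. It walks the packet sequence using the header formats from RFC 4880 section 4.2, reads the 8-byte key ID out of each version 3 Public-Key Encrypted Session Key packet (tag 1, section 5.1), drops the ones for recipients you want removed, and writes the remaining packets back out byte-for-byte, so the encrypted data packet (tag 9 or 18) and anything signed inside it are untouched. The sample message, key IDs and MPI values are constructed dummies; they are not real keys or ciphertext, and the helper names are this example's own.

```python
"""
Added example: remove recipients from an OpenPGP message without decrypting it,
by keeping only the PKESK (tag 1) packets for the wanted key IDs and passing the
encrypted data packet through unchanged (RFC 4880 sections 4.2, 5.1, 5.7, 5.13).
All key IDs and packet bodies below are constructed dummies, not real key material.
"""
import struct

PKESK = 1     # Public-Key Encrypted Session Key packet
SYM_ENC = 9   # Symmetrically Encrypted Data packet
SEIPD = 18    # Symmetrically Encrypted Integrity Protected Data packet


def new_format_header(tag, length):
    """New-format packet header, RFC 4880 4.2.2 (partial body lengths not used)."""
    if length < 192:
        enc = bytes([length])
    elif length < 8384:
        enc = bytes([((length - 192) >> 8) + 192, (length - 192) & 0xFF])
    else:
        enc = b"\xff" + struct.pack(">I", length)
    return bytes([0xC0 | tag]) + enc


def old_format_header(tag, length):
    """Old-format packet header, RFC 4880 4.2.1 (tags 0..15 only)."""
    assert tag < 16
    if length < 0x100:
        return bytes([0x80 | (tag << 2) | 0, length])
    if length < 0x10000:
        return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", length)
    return bytes([0x80 | (tag << 2) | 2]) + struct.pack(">I", length)


def parse_packets(data):
    """Return a list of (tag, body, raw_packet_bytes) for an OpenPGP packet sequence."""
    packets, pos = [], 0
    while pos < len(data):
        start = pos
        ctb = data[pos]
        pos += 1
        if not ctb & 0x80:
            raise ValueError("byte 0x%02x at offset %d is not a packet tag" % (ctb, start))
        if ctb & 0x40:                                  # new-format header
            tag = ctb & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                           # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled here")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % start)
        pos += length
        packets.append((tag, body, data[start:pos]))
    return packets


def pkesk_key_id(body):
    """RFC 4880 5.1: version (1 byte) | key ID (8 bytes) | pk algorithm | MPIs."""
    if body[0] != 3:
        raise ValueError("unsupported PKESK version %d" % body[0])
    return body[1:9]


def keep_recipients(message, key_ids):
    """Return the message with only the PKESKs for key_ids; other packets are kept as-is."""
    wanted = {bytes(k) for k in key_ids}
    kept, n_pkesk, n_enc = [], 0, 0
    for tag, body, raw in parse_packets(message):
        if tag == PKESK:
            if pkesk_key_id(body) not in wanted:
                continue                                # drop this recipient's session key
            n_pkesk += 1
        elif tag in (SYM_ENC, SEIPD):
            n_enc += 1
        kept.append(raw)                                # original bytes, header included
    if n_pkesk == 0:
        raise ValueError("none of the requested key IDs is a recipient; output would be undecryptable")
    if n_enc != 1:
        raise ValueError("expected exactly one encrypted data packet, found %d" % n_enc)
    return b"".join(kept)


# Constructed dummy key IDs for the three recipients in the question.
SAM = bytes.fromhex("0102030405060708")
JOHN = bytes.fromhex("1112131415161718")
BOB = bytes.fromhex("2122232425262728")


def pkesk(key_id, old_format=False):
    """Constructed v3 PKESK with a dummy 16-bit RSA MPI (not a real encrypted session key)."""
    body = b"\x03" + key_id + b"\x01" + b"\x00\x10\xab\xcd"
    hdr = old_format_header if old_format else new_format_header
    return hdr(PKESK, len(body)) + body


def sample_message():
    """Constructed message: three PKESKs (one with an old-format header) then a dummy SEIPD."""
    seipd_body = b"\x01" + bytes(range(40))             # version byte + fake ciphertext
    return (pkesk(SAM, old_format=True) + pkesk(JOHN) + pkesk(BOB)
            + new_format_header(SEIPD, len(seipd_body)) + seipd_body)


if __name__ == "__main__":
    only_sam = keep_recipients(sample_message(), [SAM])
    print([tag for tag, _, _ in parse_packets(only_sam)])   # [1, 18]
```

On a real message you would find the key IDs to pass in with `gpg --list-packets`, which prints one "keyid" per PKESK, and feed the filter a binary (not ASCII-armored) file. The two checks at the end are what a practitioner would want: an output with no PKESK at all is a message nobody can open, and anything other than a single encrypted data packet means the input was not the simple shape the post describes.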