Is it possible to require two private keys to decrypt with gpg?

Ángel angel at pgp.16bits.net
Wed Dec 29 02:33:56 CET 2021


On 2021-12-26 at 04:47 +0100, Christian Chavez wrote:
> Hi!
> 
> I've currently got some sensitive data I'd like to require _two_ gpg
> keys for decryption/unlocking.
> 
> As in both are needed (AND operation), not that either can decrypt on
> their own (OR operation).
> I can only find description of AND operation in manpages/tutorials
> online.
> 
> I'm hoping for a solution which doesn't just require encrypting twice
> (though I admit that will give the same security benefit).
> The reason why I'd like a "single gpg command solution" is the hope
> that such a magical incantation would play well with other tools,
> such as pass for passwordstore (e.g.).
> 
> Anyone on this mailing list got any tips on how that might be
> achieved?

You could use a wrapper which calls gpg twice, while the user only
calls your wrapper (as if it is gpg) once.

However, I would like to question your need for requiring two gpg keys.
How are the two gpg keys going to be more secure? Usually, if someone was
able to steal one key, they could steal the second one as well at the
same time, and you could simply require a different second key, or
tweak the key parameters to get a higher level, if that's what you
want to achieve from the double encryption.

Kind regards
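
The wrapper approach suggested in the reply above, as an added example (not code from this thread or from GnuPG). The script name gpg2of2 and the INNER_KEY/OUTER_KEY arguments are hypothetical; it assumes both public keys are in the keyring when encrypting and both secret keys are reachable when decrypting.

```shell
#!/bin/sh
# gpg2of2 (hypothetical name): one command for the user, two gpg calls inside.
# Usage: gpg2of2 encrypt INNER_KEY OUTER_KEY < plain  > cipher
#        gpg2of2 decrypt                     < cipher > plain

# Encrypt stdin to INNER_KEY, then encrypt that ciphertext to OUTER_KEY.
double_encrypt() {
    inner_key=$1 outer_key=$2
    tmp=$(mktemp) || return 1
    # Layer 1: only the holder of the inner secret key can remove it.
    if ! gpg --encrypt --recipient "$inner_key" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # Layer 2: wraps the layer-1 ciphertext for the outer key.
    gpg --encrypt --recipient "$outer_key" < "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Remove the outer layer, then the inner one. The temp file only ever
# holds the inner ciphertext, never plaintext. A failure on the outer
# layer stops before the second gpg call.
double_decrypt() {
    tmp=$(mktemp) || return 1
    if ! gpg --decrypt > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    gpg --decrypt < "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

main() {
    case "$1" in
        encrypt)
            [ "$#" -eq 3 ] || { echo "usage: $0 encrypt INNER OUTER" >&2; return 2; }
            double_encrypt "$2" "$3" ;;
        decrypt) double_decrypt ;;
        *) echo "usage: $0 encrypt INNER OUTER | decrypt" >&2; return 2 ;;
    esac
}

# Dispatch only when called with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The AND property holds only if the two secret keys are kept apart, for example with different holders or on different devices.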




