I want to follow up on the questions posted here:
Encryption with multiple different keys?
I've implemented the GnuGP solution for a web app I built but I fell into scalability issues pretty quickly and I have to admit I have been a bit stuck. Basically, it is true that you can encrypt a file with multiple public keys so all those people can decrypt the file. Great. But now imagine you share this file with 100 people, how do you do that?
The first limit I've encountered is the command line limit, where I cannot put in one line 100 public keys..
The second limit is everytime I want to add a new person or revoke access to someone, I have to re-encrypt with the 101 or 99 keys which is very time & CPU consuming.
The Third limit is even worse, let's say I'm sharing a folder, every new person getting access to the folder requires the re-encryption with ALL people of each file of the folder..
All this seems very dirty/hacky.. Anyone would have a better solution?
Thanks
Create a random AES secret key per folder, and use that to encrypt the files, e.g. using AES EAX. Then encrypt this key using the public keys of the persons you want to give access to. If you add a person later on, decrypt with an "admin" private key, and simply encrypt the secret key with the public key. You can use a hash (e.g. SHA-256) over the filename as the initial counter for the EAX cipher.
As for command line tools, you are better off programming this stuff (using GnuPG itself for C/C++ and related and Bouncy Castle for Java apps, for instance).