1

I am trying to encrypt a file with multiple public keys and used the same syntax that is there as part of the documentation and it is throwing the below error.

Error Message

gpg : usage: gpg [options] --encrypt [filename] At line:10 char:1 + gpg --encrypt \ --recipient "Sree" \ --recipient "Matam" \ "C:Reports\ ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (usage: gpg [opt...rypt [filename]:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError

P.S: This encryption is done as part of a powershell script

When I encrypt with a single key, it works fine. Can someone point what is it that I am doing wrong?

gpg --encrypt \ --recipient "Sree" \ --recipient "Matam" \ "C:\Reports\test_encryption.xlsx"

I used this thread to guide me but looks like I am missing something

Encryption with multiple different keys?

Community
  • 1
  • 1
Vibhav MS
  • 143
  • 1
  • 6
  • 18
  • What "below error" ? – TessellatingHeckler Jul 14 '16 at 00:45
  • How will the two users access the file, will you provide custom decryption code? – zaph Jul 14 '16 at 10:57
  • 2
    I probably wasn't clear. My apologies. I want to encrypt the file with the public keys of 2 different users so that each can decrypt it with his/her own private keys. It is possible through Kleopatra and we are trying to automate this manual task via powershell. – Vibhav MS Jul 14 '16 at 14:32
  • 2
    Try: `gpg -r "Sree" -r "Matam" --encrypt C:\Reports\test_encryption.xlsx`. This 1) [places the options (-r/--recipient) before the command](https://www.gnupg.org/documentation/manpage.html) and it 2) removes the slashes that don't work that way in powershell – user2864740 Jul 14 '16 at 16:45
  • That was close. Thank you. Got it to work finally with this piece of code `code` $BeforeEncryptfilePathGPG = "C:\Reports\Test_Encryption.xlsx" $SignedOrEncryptedLoc = "C:\Reports\Test_Encryption.xlsx.gpg" gpg --output $SignedOrEncryptedLoc --always-trust --encrypt --recipient "Sreekar" --recipient "Matam" $BeforeEncryptfilePathGPG `code` – Vibhav MS Jul 14 '16 at 18:22

2 Answers2

2

You encrypt with one key at a time.

Once you have encrypted with one key, you may re-encrypt the ciphertext with a second key.

However, this serves no semantically legitimate purpose. Public keys are used to provide secrecy and confidentiality in the prescribed manner. I sign something with my private key and encrypt it for you with your public key. You recover it with your private key and verify it with my public key. Any superjacent use of this public key or that private key is questionable at best.

Bruce David Wilner
  • 463
  • 2
  • 4
  • I have two different users who should be able to access the file with their own keys. If I encrypt the file and run the encryption script on top of it again, wouldn't it create a file with .gpg.gpg extension. So to access the file, the user would need the key of the other user too which wouldn't work. Please correct me if I am thinking wrong here. – Vibhav MS Jul 13 '16 at 23:25
1

Got this bit to work finally. Thanks to @user2864740

$BeforeEncryptfilePathGPG = "C:\Reports\Test_Encryption.xlsx"
$SignedOrEncryptedLoc = "C:\Reports\Test_Encryption.xlsx.gpg"
gpg --output $SignedOrEncryptedLoc --always-trust --encrypt --recipient "Sreekar" --recipient "Matam" $BeforeEncryptfilePathGPG
Vibhav MS
  • 143
  • 1
  • 6
  • 18