
Encrypt a file with several public keys

Sometimes there is a need to encrypt the same file with several public keys, e.g. where several different people must each be able to decrypt it independently. SecureBlackbox lets you do that easily.

You might wish to read the Encrypt a File With a Public Key article for information about encrypting files with a single public key. Encryption for multiple keys is performed in much the same way. The only difference is that you fill the keyring assigned to the TElPGPWriter.EncryptingKeys property with all the needed keys instead of a single public key:

	// Load the local keyring (public and secret parts)
	TElPGPKeyring myKeys = new TElPGPKeyring();
	myKeys.Load("pubring.pkr", "secring.skr", true);

	// Locate each recipient's public key by e-mail address
	int key1Index = myKeys.FindPublicKeyByEmailAddress("luke@sky.com");
	int key2Index = myKeys.FindPublicKeyByEmailAddress("leia@sky.com");
	int key3Index = myKeys.FindPublicKeyByEmailAddress("han@sky.com");

	// Build a separate keyring holding only the keys to encrypt for
	TElPGPKeyring encryptionKeys = new TElPGPKeyring();
	encryptionKeys.AddPublicKey(myKeys.get_PublicKeys(key1Index));
	encryptionKeys.AddPublicKey(myKeys.get_PublicKeys(key2Index));
	encryptionKeys.AddPublicKey(myKeys.get_PublicKeys(key3Index));

Now, let's proceed to the encryption itself.

  1. To start with, create an instance of the TElPGPWriter class:
    TElPGPWriter pgpWriter = new TElPGPWriter();
    
  2. Set its EncryptionType property to TSBPGPEncryptionType.etPublicKey:
    pgpWriter.EncryptionType = SBPGP.TSBPGPEncryptionType.etPublicKey;
    
  3. Assign the keyring with the encryption keys to the pgpWriter.EncryptingKeys property:
    pgpWriter.EncryptingKeys = encryptionKeys;
    
  4. Provide the source filename (doesn't need to be the real file name) and the encryption date:
    pgpWriter.Filename = "picture.jpg";
    pgpWriter.Timestamp = DateTime.UtcNow;
    
    Note: an empty string assigned to the Filename property makes the component create a for-your-eyes-only file, which won't be decrypted to persistent media.

  5. Tune up the encryption settings:
    pgpWriter.SymmetricKeyAlgorithm = SBPGPConstants.Unit.SB_PGP_ALGORITHM_SK_AES256;
    
    Note: in the default configuration, TElPGPWriter comes with its own pre-defined encryption settings (CAST5 with a 128-bit key at the time this article was written).

  6. Optionally tune up supplementary options, such as armouring:
    pgpWriter.Armor = true;
    pgpWriter.Compress = true;
    
  7. Call the EncryptFile() method:
    pgpWriter.EncryptFile("picture.jpg", "picture.jpg.pgp");
    

Note: in certain scenarios, especially where heavy multi-subkey structures are used, there might be a need to specify the exact subkey to be used for encryption. While SecureBlackbox does its best to find the appropriate encryption key or subkey automatically, sometimes this is not possible due to a lack of information stored within the keys. If unsure about the purpose of a particular primary key or subkey (i.e. whether it is signing-only, encryption-only or capable of both encryption and signing), SecureBlackbox always uses it for encryption. The resulting file may therefore be encrypted with multiple keys, which might confuse the receiving software. You can tell TElPGPWriter that it must not encrypt the file for a particular key or subkey by setting that key's Enabled property to false. For instance, the following setting makes TElPGPWriter skip the primary key and encrypt only with its subkeys:

	encryptionKeys.get_PublicKeys(0).Enabled = false;
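The whole procedure above, together with the subkey note, as one program. This is an added example, not SecureBlackbox's own sample code. It assumes the SBPGP and SBPGPKeys namespaces of the .NET edition, that FindPublicKeyByEmailAddress returns a negative index when no key matches, and that the keyring files and e-mail addresses used on this page exist; the SelectRecipients helper and the recipient list are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using SBPGP;       // assumption: namespace of TElPGPWriter in the .NET edition
using SBPGPKeys;   // assumption: namespace of TElPGPKeyring / TElPGPPublicKey

static class MultiRecipientEncrypt
{
    // Hypothetical helper: builds a keyring that holds only the recipients' keys.
    // Failing closed on an unknown address avoids producing a file that one of
    // the intended readers cannot open (or that is silently encrypted for fewer
    // people than expected).
    static TElPGPKeyring SelectRecipients(TElPGPKeyring source, IEnumerable<string> emails)
    {
        TElPGPKeyring recipients = new TElPGPKeyring();
        foreach (string email in emails)
        {
            int index = source.FindPublicKeyByEmailAddress(email);
            if (index < 0)   // assumption: a negative index means "not found"
                throw new InvalidOperationException("No public key for " + email);
            recipients.AddPublicKey(source.get_PublicKeys(index));
        }
        return recipients;
    }

    static void Main()
    {
        // Load the local keyring files named on this page
        TElPGPKeyring myKeys = new TElPGPKeyring();
        myKeys.Load("pubring.pkr", "secring.skr", true);

        // Constructed recipient list (addresses taken from the page)
        string[] recipientEmails = { "luke@sky.com", "leia@sky.com", "han@sky.com" };
        TElPGPKeyring encryptionKeys = SelectRecipients(myKeys, recipientEmails);

        // Optional, as in the page's note: do not encrypt for the first
        // recipient's primary key, only for its subkeys
        encryptionKeys.get_PublicKeys(0).Enabled = false;

        // Steps 1 to 7 of the procedure
        TElPGPWriter pgpWriter = new TElPGPWriter();
        pgpWriter.EncryptionType = SBPGP.TSBPGPEncryptionType.etPublicKey;
        pgpWriter.EncryptingKeys = encryptionKeys;
        pgpWriter.Filename = "picture.jpg";       // name stored inside the message
        pgpWriter.Timestamp = DateTime.UtcNow;
        pgpWriter.SymmetricKeyAlgorithm = SBPGPConstants.Unit.SB_PGP_ALGORITHM_SK_AES256;
        pgpWriter.Armor = true;
        pgpWriter.Compress = true;
        pgpWriter.EncryptFile("picture.jpg", "picture.jpg.pgp");

        Console.WriteLine("Encrypted picture.jpg for " + recipientEmails.Length + " recipients.");
    }
}
```

Every recipient in the list can decrypt picture.jpg.pgp with their own private key; the file carries one session-key packet per enabled key, so it is not necessary to produce a separate ciphertext per person.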
