REENCYPT

Synopsis

HELP:   Parameter for session key re-encryption
TYPE:   OBJECT
SYNTAX: REENCYPT(MODE=ADD/SET,PASSWORD['bin'...],USERID/RECEIVER['str'...],FKM5())

Description

Activates OpenPGP re-encryption based on passwords or the FLAM5 key management extension (FKM5).

If re-encryption is used, the payload data will not be re-encrypted. Only the encrypted session key gets re-encrypted with the provided password or public key, making this operation very fast.

The following re-encrytion modes are supported:

• Add: Add new encrypted session key to existing encrypted session keys (Default).
• Set: Remove all existing encrypted session keys, an set the new one

The feature is useful with "read.binary(... decode decrypt.pgp(...))) write.binary()". If the PGP file was ASCII-armored and you activate ARMOR encoding when writing (write.binary(... encode.armor())), the ASCII-armor header is copied from the original file. If the PGP file, was not ASCII-armored and ARMOR encoding is activated when writing, the data format and character set of the encrypted data is not known and therefore cannot be added as ASCII-armor header by default.

Examples:

 FLCL CONV "
   READ.BINARY(
      FILE='my.pgp'
      DECODE=DECRYP
      DECRYPT.PGP(
         FKM5(...)
         REENCYPT(
            USERID='Berta'
            FKM5(...)
         )
      )
   )
   WRITE.BINARY(
      FILE='myandbertas.pgp.txt'
      ENCODE.ARMOR()
   )"

Arguments

• NUMBER: MODE=ADD/SET - Mode of re-encryption, what should happen with existing keys [ADD]
  • ADD - Add new receiver, keep the other receiver
  • SET - Set new receiver, don't keep the other receiver
• STRING: PASSWORD['bin'...] - Passphrases for symmetrically re-encryption
• STRING: USERID/RECEIVER['str'...] - Receiver user IDs for public key re-encryption