Encrypt file using PGP/GPG having multiple recipients

Question

I have used GPG for some time and know a little about the inner workings. For example I know how to encrypt a file with your public key so only you can open it with your private key, neat.

But actually what happens is (to my understanding):

1. A random passphrase is generated.
2. File is encrypted with this passphrase symmetrically.

3. The passphrase is encrypted asymmetrically with the public key of the receiver and stored in the file.

4. Receiver decrypts passphrase using private key.

5. Receiver decrypts file using passphrase.

AFAIK this is done to increase speed drastically, plus have a new secret every time makes it harder to guess the password, in theory.

So my actual question is, is it possible to have multiple recipients?

For example.. I have a 10GB file, want to share it with 5 friend or colleagues, do I really need to re-encrypt it 5 times, storing 50GB OR is it possible to encrypt the randomly chosen passphrase (for symmetric encryption) 5 times using 5 public keys and put those in the file header?

Or did I just share an idea to the world that I should have patented? =)

Answer 1

Sorry I searched but didn't find it, will do more digging next time.. I found the answers based on the comments:

PGP encrypt single message for multiple recipients

https://stackoverflow.com/questions/597188/encryption-with-multiple-different-keys

Answer 2

You can encrypt it once with a symmetric key which you generate.

Then you will also need to encrypt that symmetric key 5 times with the public keys of the 5 intended recipients.

Each recipient then gets 2 packages:

• one small encrypted symmetric key which they decrypt with their private key, and
• one large chunk which they decrypt with the symmetric key they have just uncovered via step 1.

I'm not a security professional and so my advise is only food for thought.