How can I prove the content of a PGP-encrypted message to a third party?



  • Imagine this scenario

    • A StackExchange user sends you a PGP-encrypted message
    • You decrypt the message and discover that you are being blackmailed
    • You report the message to the admins but they are unable to view the content

    In this situation, is there any way to tie the plaintext to the ciphertext without revealing your private key?

    If not, what precautions must one take before revealing their private key?



  • In principle your private key can be used to extract the random symmetric key within the message. This random symmetric key could then be supplied to decrypt the message without exposing your private key.

    In practice, I'm not aware of any existing tools that support doing this. I did run across some code that claims to be a partial PoC https://gist.github.com/mrmekon/1348090 . I have no knowledge as to its veracity.

    Edit

    I defer to @dave_thompson_085's answer. Apparently it's already there in GPG as an option.
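The GnuPG options the edit above refers to are `--show-session-key` (print the message's random session key while decrypting) and `--override-session-key` (decrypt a message with a supplied session key instead of a private key). The script below is an added example, not code from the thread or from GnuPG's documentation: it generates a throwaway recipient key, encrypts a constructed "blackmail" message to it, has the recipient disclose only that message's session key, and then decrypts the same ciphertext in a second, empty GNUPGHOME that holds no private key at all. It assumes GnuPG 2.x is installed; the key identity, file names and message text are constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the original thread). Demonstrates disclosing a
# single OpenPGP session key to a third party instead of the private key.
# Assumes GnuPG 2.x; recipient identity, file names and message are constructed.
set -eu

demo_session_key_disclosure() {
    work=$(mktemp -d)
    # Two separate homes: the recipient's (holds the private key) and the
    # admin's (holds nothing but the ciphertext and the disclosed session key).
    recipient="$work/recipient"; admin="$work/admin"
    mkdir -m 700 "$recipient" "$admin"

    # 1. Recipient's throwaway, unprotected key (constructed identity).
    GNUPGHOME="$recipient" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Recipient <recipient@example.invalid>' default default never

    # 2. A message encrypted to that key (constructed sample input).
    printf 'Pay up or the files go public.\n' > "$work/plain.txt"
    GNUPGHOME="$recipient" gpg --batch --quiet --trust-model always \
        --recipient 'recipient@example.invalid' \
        --output "$work/msg.gpg" --encrypt "$work/plain.txt"

    # 3. Recipient decrypts normally but asks gpg to report the session key.
    #    The status line looks like "[GNUPG:] SESSION_KEY 9:HEXKEY"; the
    #    "algo:hex" string unlocks this one message only and reveals nothing
    #    about the private key. Status goes to stderr, plaintext is discarded.
    session_key=$(GNUPGHOME="$recipient" gpg --batch --quiet --status-fd 2 \
        --show-session-key --decrypt "$work/msg.gpg" 2>&1 >/dev/null \
        | awk '/^\[GNUPG:\] SESSION_KEY/ { print $3 }')
    if [ -z "$session_key" ]; then
        echo "gpg did not report a session key" >&2
        rm -rf "$work"
        return 1
    fi

    # 4. The third party, holding only msg.gpg and the disclosed session key,
    #    decrypts with --override-session-key: no private key is involved,
    #    and the admin's GNUPGHOME is empty.
    GNUPGHOME="$admin" gpg --batch --quiet --override-session-key "$session_key" \
        --output "$work/recovered.txt" --decrypt "$work/msg.gpg"

    # 5. The recovered plaintext is tied to exactly the ciphertext the admin holds.
    if cmp -s "$work/plain.txt" "$work/recovered.txt"; then
        status=0
    else
        status=1
    fi

    # Stop the agents gpg spawned for the temporary homes, then clean up.
    GNUPGHOME="$recipient" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$admin" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    return $status
}

demo_session_key_disclosure && echo "third party decrypted the message with the session key only"
```

The session key string is bound to one ciphertext: a different message from the same sender uses a fresh random key, so disclosing it costs the recipient nothing beyond that message. The admin, for their part, should verify the plaintext against the original ciphertext bytes (the `msg.gpg` they already received), not against a copy supplied along with the key.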



