Encrypt a PGP message to multiple recipients
Send one encrypted message that several people can decrypt independently. Here is how OpenPGP handles multi-recipient envelopes and the practical workflow.
OpenPGP makes multi-recipient encryption a single-step operation: you list every recipient, the tool encrypts the message body once with a fresh symmetric session key, then encrypts that session key separately to each recipient's public key. Every listed recipient can decrypt independently with their own private key. Anyone not on the list cannot.
How OpenPGP handles it
A PGP-encrypted message has two parts. The body is encrypted once with a random AES session key. The header carries one Public-Key Encrypted Session Key (PKESK) packet per recipient — each one is the same session key encrypted to a different public key.
When Bob decrypts, his client looks for a PKESK that his private key can unwrap, recovers the session key, then decrypts the body. Alice does the same: she finds her own PKESK and gets the same session key. The body is encrypted only once, so the file size grows by ~1 KB per additional recipient, not by the size of the message.
Doing it in this app
- Open the [Encrypt tool](https://pgptool.dev/encrypt).
- Paste the first recipient's public key. Validation will show their user ID.
- Click "Add recipient" and paste the next one. The Encrypt tool supports up to five recipients per message.
- Type your plaintext.
- Click Encrypt. The output is a single ciphertext block — give the same block to every recipient.
Practical considerations
- You do NOT include yourself automatically. If you want to be able to decrypt your own sent messages, add your own public key as a recipient.
- Each recipient sees who else is on the list — the PKESK packets carry key IDs in the clear (or hidden, see below). For confidential CC behavior, encrypt twice or use the hidden-recipient option.
- Hidden recipients (the OpenPGP `--hidden-encrypt-to` flag) zero out the key ID in the PKESK, but the recipient count is still visible. True anonymous recipients require external metadata stripping.
- Different recipients can have different key types (RSA, Curve25519, P-384) — OpenPGP picks the right algorithm per PKESK packet.
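To check what a ciphertext reveals before you send it, the following added example (not code from this app or from any OpenPGP implementation) reads the leading PKESK packets of a binary, de-armored message and lists each recipient's key ID and algorithm, reporting a zeroed key ID as hidden. The sample message is constructed with dummy ciphertext bytes, the function names are illustrative, and only version 3 PKESK packets are handled.

```python
ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH", 25: "X25519"}

def read_header(data, i):
    """Parse the packet header at offset i; return (tag, body_start, body_len)."""
    hdr = data[i]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet (input must be binary, not armored)")
    if hdr & 0x40:                                  # new-format header
        tag, first = hdr & 0x3F, data[i + 1]
        if first < 192:                             # one-octet length
            return tag, i + 2, first
        if first < 224:                             # two-octet length
            return tag, i + 3, ((first - 192) << 8) + data[i + 2] + 192
        if first == 255:                            # five-octet length
            return tag, i + 6, int.from_bytes(data[i + 2:i + 6], "big")
        return tag, i + 2, None                     # partial length: data packets only
    tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03      # old-format header
    if ltype == 3:                                  # indeterminate: runs to end of input
        return tag, i + 1, len(data) - i - 1
    n = 1 << ltype
    return tag, i + 1 + n, int.from_bytes(data[i + 1:i + 1 + n], "big")

def list_recipients(data):
    """Return (key_id or None if hidden, algorithm) per leading v3 PKESK packet."""
    out, i = [], 0
    while i < len(data):
        tag, start, length = read_header(data, i)
        if tag != 1 or length is None:              # PKESKs precede the encrypted body
            break
        body = data[start:start + length]
        if len(body) < 10 or body[0] != 3:
            raise ValueError("only version 3 PKESK packets are handled here")
        key_id = body[1:9]                          # 8-octet key ID, sent in the clear
        out.append((None if key_id == bytes(8) else key_id.hex().upper(),
                    ALGOS.get(body[9], f"algo {body[9]}")))
        i = start + length
    return out

def pkt(tag, body):                                 # helper for the constructed sample
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed message: two visible recipients, one hidden, then the body (tag 18).
SAMPLE = (pkt(1, b"\x03" + bytes.fromhex("1122334455667788") + b"\x01" + b"\xAA" * 40)
          + pkt(1, b"\x03" + bytes.fromhex("99AABBCCDDEEFF00") + b"\x12" + b"\xBB" * 40)
          + pkt(1, b"\x03" + bytes(8) + b"\x19" + b"\xCC" * 40)
          + pkt(18, b"\x01" + b"\xDD" * 64))

if __name__ == "__main__":
    for key_id, algo in list_recipients(SAMPLE):
        print(key_id or "(hidden)", algo)
```

The hidden entry still appears in the output, which is the recipient-count leak described in the list above.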
When to encrypt to many recipients vs send N times
Single multi-recipient message: smaller, faster, easier to keep in sync (everyone sees the same content). Use this for normal cases — team announcements, group secrets, shared credentials.
Separate messages per recipient: required when content varies per person (e.g. each gets a different password), or when the recipient list itself is sensitive and you do not want recipients to see each other's key IDs.