From OSR

[edit] Sphinx Remailer

Enables GnuPG to be used with email lists. Provides end-to-end signature verification and automated re-encryption of all incoming messages to each mailing list.

As an example, let's say that Alice signs a message with her secret key and encrypts the message and signature with Trent's public key. Trent decrypts the message and signature with his secret key, verifies Alice's signature using her public key, and then re-encrypts the message and Alice's signature using Bob, Carol and Zoe's public keys. The three of them are able to decrypt the message with their own secret keys and verify Alice's signature using her public key. In this role Trent acts like a trusted third party mailing relay.

Note that if Trent adds the encrypted session keys for every recipient, they can tell who else is receiving the encrypted emails. This leak of information may be unacceptable, so Trent should generate a new email for each of the recipients with only their session key attached.

Note also that Trent must be trusted in this role and has access to the cleartext form of the message. Perhaps using blind signatures there is an approach to ensure that even the mailing list manager can not decode the message.

[edit] Source files

• remailer - remailer program using MIME::Lite
• sphinx - test program
• Sphinx.pm - Perl module to wrap mail processing

You will also need to install Crypt::OpenPGP.