At the moment, the design is such that there is a single "master" public key for each Securedrop installation that all submissions are encrypted with. The journalists are advised to download the encrypted submissions, transfer them to the airgapped Viewing Station, decrypt them with the "master" private key (which is only stored there), and then optionally re-encrypt them to their personal public key if they want to transfer them to their personal workstations.
It would certainly be possible for this process to be automated with some additions to the journalist backend, and in that case once a journalist had taken responsibility for a particular source's communications, further communications could be restricted for their eyes only.
Thanks for the info! I imagine that for people reaching out who may need to establish an ongoing, anonymous, relationship with a reporter, the ability to use the same system the reporter is familiar with, but know that it will only be them viewing it, might be a useful feature.
At the moment, the design is such that there is a single "master" public key for each Securedrop installation that all submissions are encrypted with. The journalists are advised to download the encrypted submissions, transfer them to the airgapped Viewing Station, decrypt them with the "master" private key (which is only stored there), and then optionally re-encrypt them to their personal public key if they want to transfer them to their personal workstations.
It would certainly be possible for this process to be automated with some additions to the journalist backend, and in that case once a journalist had taken responsibility for a particular source's communications, further communications could be restricted for their eyes only.