Joseph Oreste Bruni <[EMAIL PROTECTED]> wrote:

> To extend our discussion, suppose I wish to send an encrypted message to multiple recipients. I would then encrypt the (randomly generated) symmetric key to each recipient's public key in turn. All of the encrypted copies (of the symmetric key) are attached. A valid recipient will be able to encrypt his (and only his) copy of the symmetric key and then decrypt the document.
Everything is fine with what you said until you say this. In real practice what Thunderbird and Evolution (I can't speak for the other email programs) do is generate a separate symmetric encryption for each user. Without looking at the source code (which I have NOT done for this particular situation) you can't tell whether each user gets a separate random symmetric session key or whether all users share the same random symmetric session key. Knowing the paranoia of encryption coders, I suspect that each user gets their own randomly created symmetric session key. It also doesn't make much sense if you use the same random session key for every user. If you do that, why not just have one copy of the symmetric encryption? Without looking at the code though, I don't know that for certain.

I suspect that the mail programs just use what GnuPG gives them and only do the one call to GnuPG, so you can actually do the tests with the multiple users on the command line without even using email. However, I do know that if you do tests by actually sending the same encrypted mail message (use a fairly large message of at least 64 K) to one, two, and three recipients then you can see this. Save all of the messages to a file and edit out the headers and you will find the approximate size differences for the three files:

double = 2 * single
triple = 3 * single
triple = 1.5 * double

If you had one shared symmetric encryption you wouldn't have those size changes, since you would only be adding the size of the asymmetric encryption of the randomly generated session key used to do the symmetric encryption for each additional person.

I will volunteer to be one of the three users (after yourself you need only one more user) if you want to do the tests actually using email itself, but I would advise just using the multiple recipients on the command line first and comparing the sizes there.
Rummage around in the Enigmail section of the Thunderbird forum and if they don't have the answer just ask if they only do one call to GnuPG to do the encryption.

HHH

Gnupg-users mailing list, Gnupg-users@gnupg.org, http://lists.gnupg.org/mailman/listinfo/gnupg-users
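The size comparison proposed above is an indirect way of settling the question in this thread (one encrypted data packet shared by all recipients, or one per recipient). A more direct check is to walk the packet headers of the encrypted output and count the Public-Key Encrypted Session Key packets against the encrypted data packets. The parser below is an added example, not code from the post or from GnuPG; it follows the header encoding of RFC 4880 section 4.2, and the sample message bytes are constructed with zero-filled bodies rather than real ciphertext.

```python
import struct

def parse_packets(data):
    """Walk the packet headers of a binary OpenPGP message (RFC 4880, section 4.2)
    and return [(tag, body_length), ...] without decrypting anything."""
    packets, i = [], 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("offset %d: not a packet header (0x%02x)" % (i, ctb))
        i += 1
        if ctb & 0x40:                      # new format: tag in the low 6 bits
            tag, body_len = ctb & 0x3F, 0
            while True:                     # one pass per (possibly partial) length
                b0, i = data[i], i + 1
                if b0 < 192:
                    n, partial = b0, False
                elif b0 < 224:
                    n, partial = ((b0 - 192) << 8) + data[i] + 192, False
                    i += 1
                elif b0 == 255:
                    n, partial = struct.unpack(">I", data[i:i + 4])[0], False
                    i += 4
                else:                       # 224..254: partial chunk, more follow
                    n, partial = 1 << (b0 & 0x1F), True
                body_len += n
                i += n
                if not partial:
                    break
        else:                               # old format: tag in bits 5..2, length type in bits 1..0
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                  # indeterminate: body runs to end of input
                body_len = len(data) - i
            else:
                size = (1, 2, 4)[ltype]
                body_len = int.from_bytes(data[i:i + size], "big")
                i += size
            i += body_len
        packets.append((tag, body_len))
    return packets

def session_key_copies_vs_ciphertexts(data):
    """Count tag 1/3 (encrypted session-key copies) against tag 9/18 (encrypted data)."""
    tags = [t for t, _ in parse_packets(data)]
    return sum(t in (1, 3) for t in tags), sum(t in (9, 18) for t in tags)

# Constructed sample with dummy bodies (not real ciphertext): three new-format PKESK
# packets (tag 1), then one SEIP packet (tag 18) encoded as a 512-byte partial chunk plus a 100-byte tail.
SAMPLE_THREE_RECIPIENTS = (bytes([0xC1, 4]) + b"\0" * 4) * 3 \
    + bytes([0xD2, 233]) + b"\0" * 512 + bytes([100]) + b"\0" * 100
```

Running `gpg --list-packets` on a real multi-recipient message prints the same packet sequence, so the two views can be compared directly.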