* On 15 Nov 2015, Rejo Zenger wrote: > ++ 14/11/15 22:47 -0500 - Xu Wang: > >> > >> A copy of the message will also be encrypted by your own public key and > >> saved > >> in the folder you have specified for Sent messages. It is this copy which > >> you > >> can decrypt with your private key later on, if you wish to read what you > >> sent > >> to the recipient. > [...] > >I see. So it is one email, but there is never actual double encryption > >on the same text. It is two single encryptions. I think I am > >understanding more. > > As I understand it: your message is encrypted to a session key, and that > session key is encrypted with your and the recipients' key. That way, > the message may have a large number of recipients, but doesn't increase > in size as much.
This is correct. PGP encryption generates a random symmetric key of a large size -- essentially a really long password. It encrypts the original message using that "session key". The session key is included in the PGP output alongside the encrypted message, but it's encrypted once for each recipient. This gives huge space savings in the final message, compared to encrypting the message once per recipient. When you decrypt, PGP finds the list of encryptions of the symmetric key and searches for the one encrypted with your public key. It decrypts that to get the session key, then uses the session key to decrypt the original message. There are two ways to store that list of session key crypts. The default is like a dictionary -- each ciphertext is indexed with the key ID that encrypted it. When PGP decrypts this, it can quickly zip right to the correct session ciphertext. The other way stores these ciphertexts anonymously -- not indexed by key ID. This is more secure, but slower because PGP must try each one in turn to find the correct ciphertext. It's not a problem for a few recipients though -- it's really only a performance problem with many separate recipients. -- David Champion • d...@bikeshed.us
signature.asc
Description: PGP signature
