On Sun, Nov 15, 2015 at 1:12 PM, David Champion <d...@bikeshed.us> wrote:
> * On 15 Nov 2015, Rejo Zenger wrote:
>> ++ 14/11/15 22:47 -0500 - Xu Wang:
>> >>
>> >> A copy of the message will also be encrypted by your own public key and saved
>> >> in the folder you have specified for Sent messages. It is this copy which you
>> >> can decrypt with your private key later on, if you wish to read what you sent
>> >> to the recipient.
>> [...]
>> >I see. So it is one email, but there is never actual double encryption
>> >on the same text. It is two single encryptions. I think I am
>> >understanding more.
>>
>> As I understand it: your message is encrypted to a session key, and that
>> session key is encrypted with your and the recipients' key. That way,
>> the message may have a large number of recipients, but doesn't increase
>> in size as much.
>
> This is correct. PGP encryption generates a random symmetric key of
> a large size -- essentially a really long password. It encrypts the
> original message using that "session key". The session key is included
> in the PGP output alongside the encrypted message, but it's encrypted
> once for each recipient. This gives huge space savings in the final
> message, compared to encrypting the message once per recipient.
>
> When you decrypt, PGP finds the list of encryptions of the symmetric key
> and searches for the one encrypted with your public key. It decrypts
> that to get the session key, then uses the session key to decrypt the
> original message.
>
> There are two ways to store that list of session key crypts. The
> default is like a dictionary -- each ciphertext is indexed with the
> key ID that encrypted it. When PGP decrypts this, it can quickly zip
> right to the correct session ciphertext. The other way stores these
> ciphertexts anonymously -- not indexed by key ID. This is more secure,
> but slower because PGP must try each one in turn to find the correct
> ciphertext. It's not a problem for a few recipients though -- it's
> really only a performance problem with many separate recipients.
>
> --
> David Champion • d...@bikeshed.us

ahhhhhhhhhhhhhhh. Now I get it! Thanks for such a detailed and clearatory
explanation. I am surprised that I actually understand it. But it makes
perfect sense.

Kind regards to each,

Xu
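
The scheme David Champion describes in the quoted text, as an added toy model (not code from this thread and not OpenPGP's packet format): one body encrypted under a random session key, that key wrapped once per recipient, and indexed versus anonymous lookup on decrypt. Textbook RSA over constructed Mersenne-prime keys and a SHA-256 keystream stand in for the real ciphers, and every name here (`make_key`, `encrypt`, `unwrap`, `decrypt`) is hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def make_key(key_id, a, b):
    # Constructed toy RSA key from Mersenne primes 2**a-1, 2**b-1 (not secure).
    p, q = 2**a - 1, 2**b - 1
    return {"id": key_id, "n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def xor_stream(key, data):
    # SHA-256 in counter mode, a stand-in for the real symmetric cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(plaintext, recipients, anonymous=False):
    session_key = secrets.token_bytes(16)
    # Wrap session key + 4-byte checksum so a correct unwrap is recognisable.
    m = int.from_bytes(session_key + hashlib.sha256(session_key).digest()[:4], "big")
    wrapped = [(None if anonymous else r["id"], pow(m, E, r["n"])) for r in recipients]
    return {"wrapped": wrapped, "body": xor_stream(session_key, plaintext)}

def unwrap(c, key):
    m = pow(c, key["d"], key["n"])
    if m >> 160:
        return None  # too large to be a 20-byte blob: wrong private key
    blob = m.to_bytes(20, "big")
    return blob[:16] if hashlib.sha256(blob[:16]).digest()[:4] == blob[16:] else None

def decrypt(message, key):
    """Return (plaintext or None, private-key operations performed)."""
    tries = 0
    for key_id, c in message["wrapped"]:
        if key_id is not None and key_id != key["id"]:
            continue  # indexed entry for someone else: skip without trying
        tries += 1
        session_key = unwrap(c, key)
        if session_key is not None:
            return xor_stream(session_key, message["body"]), tries
    return None, tries

if __name__ == "__main__":
    keys = [make_key("ALICE", 61, 107), make_key("BOB", 89, 127), make_key("SENDER", 521, 607)]
    for anon in (False, True):
        msg = encrypt(b"constructed sample message", keys, anonymous=anon)
        print("anonymous" if anon else "indexed", decrypt(msg, keys[2]))
```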