Hi Rejo and David,

On Sun, Nov 15, 2015 at 12:12:51PM -0600, David Champion wrote:
> * On 15 Nov 2015, Rejo Zenger wrote:
> >
> > As I understand it: your message is encrypted to a session key, and that
> > session key is encrypted with your and the recipients' key. That way,
> > the message may have a large number of recipients, but doesn't increase
> > in size as much.
>
> This is correct. PGP encryption generates a random symmetric key of
> a large size -- essentially a really long password. It encrypts the
> original message using that "session key". The session key is included
> in the PGP output alongside the encrypted message, but it's encrypted
> once for each recipient. This gives huge space savings in the final
> message, compared to encrypting the message once per recipient.
>
> When you decrypt, PGP finds the list of encryptions of the symmetric key
> and searches for the one encrypted with your public key. It decrypts
> that to get the session key, then uses the session key to decrypt the
> original message.
>
> There are two ways to store that list of session key crypts. The
> default is like a dictionary -- each ciphertext is indexed with the
> key ID that encrypted it. When PGP decrypts this, it can quickly zip
> right to the correct session ciphertext. The other way stores these
> ciphertexts anonymously -- not indexed by key ID. This is more secure,
> but slower because PGP must try each one in turn to find the correct
> ciphertext. It's not a problem for a few recipients though -- it's
> really only a performance problem with many separate recipients.

Thanks for this incredibly clear explanation. And Xu, thanks for asking
the question.

Cheers,

--
Suvayu

Open source is the future. It sets us free.