On Monday 16 Nov 2015 12:05:24 Suvayu Ali wrote:
> Hi Rejo and David,
> 
> On Sun, Nov 15, 2015 at 12:12:51PM -0600, David Champion wrote:
> > * On 15 Nov 2015, Rejo Zenger wrote:
> > > As I understand it: your message is encrypted to a session key, and
> > > that session key is encrypted with your and the recipients' key. That
> > > way, the message may have a large number of recipients, but doesn't
> > > increase in size as much.
> > 
> > This is correct.  PGP encryption generates a random symmetric key of
> > a large size -- essentially a really long password.  It encrypts the
> > original message using that "session key".  The session key is included
> > in the PGP output alongside the encrypted message, but it's encrypted
> > once for each recipient.  This gives huge space savings in the final
> > message, compared to encrypting the message once per recipient.
> > 
> > When you decrypt, PGP finds the list of encryptions of the symmetric key
> > and searches for the one encrypted with your public key.  It decrypts
> > that to get the session key, then uses the session key to decrypt the
> > original message.
> > 
> > There are two ways to store that list of session key crypts.  The
> > default is like a dictionary -- each ciphertext is indexed with the
> > key ID that encrypted it.  When PGP decrypts this, it can quickly zip
> > right to the correct session ciphertext.  The other way stores these
> > ciphertexts anonymously -- not indexed by key ID.  This is more secure,
> > but slower because PGP must try each one in turn to find the correct
> > ciphertext.  It's not a problem for a few recipients though -- it's
> > really only a performance problem with many separate recipients.
> 
> Thanks for this incredibly clear explanation.  And Xu, thanks for asking
> the question.
> 
> Cheers,

To see the two signatures you can run this command at the encrypted message:

gpg --batch --list-packets <encrypted.message>

-- 
Regards,
Mick

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to