On Monday 16 Nov 2015 12:05:24 Suvayu Ali wrote: > Hi Rejo and David, > > On Sun, Nov 15, 2015 at 12:12:51PM -0600, David Champion wrote: > > * On 15 Nov 2015, Rejo Zenger wrote: > > > As I understand it: your message is encrypted to a session key, and > > > that session key is encrypted with your and the recipients' key. That > > > way, the message may have a large number of recipients, but doesn't > > > increase in size as much. > > > > This is correct. PGP encryption generates a random symmetric key of > > a large size -- essentially a really long password. It encrypts the > > original message using that "session key". The session key is included > > in the PGP output alongside the encrypted message, but it's encrypted > > once for each recipient. This gives huge space savings in the final > > message, compared to encrypting the message once per recipient. > > > > When you decrypt, PGP finds the list of encryptions of the symmetric key > > and searches for the one encrypted with your public key. It decrypts > > that to get the session key, then uses the session key to decrypt the > > original message. > > > > There are two ways to store that list of session key crypts. The > > default is like a dictionary -- each ciphertext is indexed with the > > key ID that encrypted it. When PGP decrypts this, it can quickly zip > > right to the correct session ciphertext. The other way stores these > > ciphertexts anonymously -- not indexed by key ID. This is more secure, > > but slower because PGP must try each one in turn to find the correct > > ciphertext. It's not a problem for a few recipients though -- it's > > really only a performance problem with many separate recipients. > > Thanks for this incredibly clear explanation. And Xu, thanks for asking > the question. > > Cheers,
To see the two signatures you can run this command at the encrypted message: gpg --batch --list-packets <encrypted.message> -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.