Trying to get a clue about 3DES

Stainless Steel Rat ratinox at peorth.gweep.net
Wed Jan 6 10:24:47 CET 1999


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"TJB" == Thiago Jung Bauermann <jungmann at cwb.matrix.com.br> writes:

TJB> I have some questions about the thing (sorry to ask so much at the
TJB> same time): It needs keys with 8 chars in size to work, but how can I
TJB> make it so that the user can specify shorter keys?

Users do not specify 3DES keys.  3DES session keys are generated randomly
by GPG when a message is signed or encrypted.

Okay, here is a rough description of how the whole process works.

When encrypting a message, GPG randomly generates three 56-bit DES session
keys (key1, key2, key3).  The message is encrypted with key1, decrypted
with key2, and encrypted again with key3.  It seems funky, but it actually
works, effectively increasing the DES keyspace to 168 bits.  Finally, the
three session keys are encrypted using the recipient's public key.

When decrypting the message, GPG needs the recipient's secret key, which is
encrypted using the user's pass phrase as a key.  This is the only key that
a user ever deals with directly.  Once GPG has the secret key, it decrypts
the session keys and reverses the process: decrypt with key3, encrypt with
key2, decrypt with key1.

As for mucking around with the DES key space, if you are serious about
learning, get your hands on a copy of _Applied Cryptography_.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.0 (GNU/Linux)
Comment: For info see www.gnupg.org
iD8DBQE2k4A/gl+vIlSVSNkRAndgAJ40lW9kXZZHu/TwfLbxGvA31f+cmQCgzLLV
XDr9uR8gipXcmPaG/0fCCiQ=
=hbRw
-----END PGP SIGNATURE-----

-- 
Rat <ratinox at peorth.gweep.net>    \ Do not taunt Happy Fun Ball.
PGP Key: at a key server near you! \ 
GPG Key: same as my PGP 5 (DH) key  \ 
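
The key ordering described in the message above, as an added example that is not part of the original post and is not GnuPG code: it builds encrypt(key1), decrypt(key2), encrypt(key3) from three single-DES operations using Go's standard crypto/des and compares the result with that library's own 3DES. The names ede and stdlib3DES and the sample block are constructed for illustration; it handles a single 8-byte block and leaves out the public-key wrapping of the session keys.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"fmt"
)

// ede runs one 8-byte block through three single-DES steps; key is
// key1||key2||key3 (8 bytes each, 56 effective bits after ignored parity).
func ede(key, in []byte, decrypt bool) []byte {
	var c [3]cipher.Block
	for i := range c {
		c[i], _ = des.NewCipher(key[8*i : 8*i+8]) // an 8-byte key never errors
	}
	out := make([]byte, des.BlockSize)
	if decrypt { // reverse order: D(key3), E(key2), D(key1)
		c[2].Decrypt(out, in)
		c[1].Encrypt(out, out)
		c[0].Decrypt(out, out)
	} else { // E(key1), D(key2), E(key3)
		c[0].Encrypt(out, in)
		c[1].Decrypt(out, out)
		c[2].Encrypt(out, out)
	}
	return out
}

// stdlib3DES encrypts the same block with Go's built-in 3DES, for comparison.
func stdlib3DES(key, in []byte) []byte {
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, in)
	return out
}

func main() {
	key := make([]byte, 24) // three random session keys, never typed by a user
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	pt := []byte("8 bytes!") // constructed sample block
	ct := ede(key, pt, false)
	fmt.Printf("ede=%x stdlib=%x roundtrip=%q\n", ct, stdlib3DES(key, pt), ede(key, ct, true))
}
```

The two hex values printed are equal, and the round trip returns the sample block only when the keys are applied in the reverse order.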




More information about the Gnupg-devel mailing list