--list-only and symmetric encryption (fwd)
David Shaw
dshaw at jabberwocky.com
Mon Jul 19 03:02:42 CEST 2004
On Tue, Jul 06, 2004 at 11:41:15AM -0400, Atom 'Smasher' wrote:
> On Wed, 30 Jun 2004, David Shaw wrote:
> > On Tue, Jun 29, 2004 at 11:46:53PM -0400, Atom 'Smasher' wrote:
>
> > > i'm curious how that works... i understand how a message can be encrypted
> > > to multiple public keys, since the bulk encryption is only done using one
> > > key. i don't understand how a message can be efficiently ("efficiently",
> > > meaning that the message is only encrypted once) encrypted to multiple
> > > symmetric keys.
> >
> > It works the same way that it does with public keys. The data is
> > encrypted using a random session key, then that session key is
> > encrypted using the passphrase. If you want to use multiple
> > passphrases, just encrypt the random session key to as many
> > passphrases as you like.
> ===================
>
> so, GnuPG can read, but not create these messages? are there plans handle
> creation? or would it have to be done by performing packet-surgery with
> gpgsplit?
I'm sure eventually it will make it into GnuPG. It's unfortunately
not possible to do packet surgery with gpgsplit to do this since it
requires the session key to be the same for all passphrases.
> if only a single symmetric passphrase is used, is there still a session
> key encrypted with the symmetric key? (i only have text access right now,
> and can't get to a copy of the RFC).
Yes and no. If you have a message with multiple passphrases or a
message that can be decrypted via a passphrase or the public key
system then yes. Otherwise, the mangled passphrase *is* the session
key.
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
Url : /pipermail/attachments/20040718/ef2c5736/attachment.bin
More information about the Gnupg-devel
mailing list