--list-only and symmetric encryption (fwd)

David Shaw dshaw at jabberwocky.com
Wed Jun 30 20:31:17 CEST 2004


On Tue, Jun 29, 2004 at 11:46:53PM -0400, Atom 'Smasher' wrote:

> >>using "--list-only" to learn more about a symmetrically encrypted file, it
> >>tells me (something like):
> >>  	gpg: CAST5 encrypted data
> >>  	gpg: encrypted with 1 passphrase
> >>
> >>it says it's "encrypted with 1 passphrase"... can it be encrypted with
> >>multiple passphrases?
> >
> >Yes and no.  GnuPG will properly handle a message encrypted with
> >multiple passphrases.  However, it will not currently generate a
> >multiple passphrase message for the usual reasons.
> >
> >Note that this is different than a message that can be decrypted with
> >both passphrases and public keys.  That feature exists today in 1.3.x:
> >just do --encrypt --symmetric.
> ===================
> 
> i'm curious how that works... i understand how a message can be encrypted 
> to multiple public keys, since the bulk encryption is only done using one 
> key. i don't understand how a message can be efficiently ("efficiently", 
> meaning that the message is only encrypted once) encrypted to multiple 
> symmetric keys.

It works the same way that it does with public keys.  The data is
encrypted using a random session key, then that session key is
encrypted using the passphrase.  If you want to use multiple
passphrases, just encrypt the random session key to as many
passphrases as you like.

David
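
The scheme described in this reply, as an added example that is not part of the original post and is not GnuPG code: the message is encrypted once under a random session key, and that session key is wrapped separately for each passphrase. The function names, the PBKDF2 key derivation and the toy HMAC-SHA256 stream cipher are assumptions standing in for OpenPGP's S2K and block cipher.

```python
import hashlib
import hmac
import secrets

def _subkeys(key):
    # Derive separate encryption and MAC keys from one secret.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(key, nonce, n):
    # Toy HMAC-SHA256 counter-mode keystream (stand-in for a real cipher).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(ek, nonce, len(data))))
    return nonce, ct, hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, nonce, ct, tag):
    ek, mk = _subkeys(key)
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        return None  # wrong key or modified data
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

def _kek(passphrase, salt):
    # Key-encryption key from a passphrase; the salt is stored in the slot.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, 32)

def encrypt(message, passphrases):
    session_key = secrets.token_bytes(32)
    body = seal(session_key, message)      # bulk data is encrypted exactly once
    slots = []
    for p in passphrases:                  # one small wrapped key per passphrase
        salt = secrets.token_bytes(16)
        slots.append((salt, seal(_kek(p, salt), session_key)))
    return {"slots": slots, "body": body}

def decrypt(blob, passphrase):
    for salt, wrapped in blob["slots"]:    # try each slot until one unwraps
        session_key = unseal(_kek(passphrase, salt), *wrapped)
        if session_key is not None:
            return unseal(session_key, *blob["body"])
    return None

if __name__ == "__main__":
    blob = encrypt(b"constructed sample message", ["alpha pass", "bravo pass"])
    print(decrypt(blob, "bravo pass"), decrypt(blob, "wrong"))
```

Adding a passphrase grows the output by one salt and one wrapped 32-byte key; the encrypted body is unchanged.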



More information about the Gnupg-devel mailing list