The textbooks (e.g. William Stalling's Cryptography & Network Security, 2nded, page 359) refer to PGP using one-time session keys to encrypt messages. GnuPG seems to use subkeys to encrypt messages instead (see GNU Privacy Handbook, page 23). Is this a difference between PGP and GnuPG, or due to using ElGamal instead of RSA, or what ? David Livingstone