Double encryption ??
Thomas Arend
Thomas.Arend@t-online.de
Mon Apr 7 22:26:01 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday, 5 April 2003 14:14, Oliver Hankeln wrote:
> Hello,
>
> a friend of mine and I were just starting to use GPG.
> He encrypted a text for me and sent it to me. I was able to decrypt it.
> BUT: He was also able to decrypt the encrypted message with his own
> secret key.
> The only reason why this could happen as seen by us is that the text has
> been encrypted twice - with my and with his public key.
> We just want to be sure we didn't make any mistakes. Is our assumption
> right?
You are partly right.
AFAIK the encryption works as follows. A symmetric key is generated to
encrypt the message. The symmetric key is encrypted with each public key of
the recipients and included in the message. For decryption you will decrypt
the symmetric key with your secret key and then decrypt the message.
So the text is not encrypted twice, but the symmetric key is encrypted twice
(or one time for every recipient). Otherwise a message would grow very fast.
As others mentioned, the normal behaviour is not to include the sender in the
list. But most mail clients do it by default.
Thomas
>
> Thanks,
> Oliver
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+kdEF2TqsmTFMxwkRAhrsAKCLajDctOcR6BbRXJzrC0t9zDYN6QCfdtB9
HdfPGPr0m8mw4x2RdSDlHuI=
=8/D3
-----END PGP SIGNATURE-----
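The layout described in the reply above (one encrypted session key per recipient, one encrypted body) can be read straight from the OpenPGP packet headers. This is an added example, not part of the original post: the function names are hypothetical, and the sample message and key IDs are constructed dummy bytes, not real GnuPG output.

```python
PKESK, SED, SEIPD = 1, 9, 18  # OpenPGP packet tags (RFC 4880, section 4.3)

def read_packets(data):
    """Yield (tag, body) per packet; partial/indeterminate lengths are rejected."""
    pos = 0
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new format: tag in the low 6 bits
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body length not supported")
        else:                               # old format: tag in bits 5-2
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def summarize(data):
    """Return (recipient key IDs, count of encrypted-data packets)."""
    key_ids, bodies = [], 0
    for tag, body in read_packets(data):
        if tag == PKESK and len(body) >= 10 and body[0] == 3:
            key_ids.append(body[1:9].hex().upper())  # version | key ID | algo | MPIs
        elif tag in (SED, SEIPD):
            bodies += 1
    return key_ids, bodies

def fake_pkesk(key_id_hex):
    """Constructed sample packet: the 'encrypted session key' MPI is a dummy."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xaa"
    return bytes([0x84, len(body)]) + body  # old-format header, tag 1

# Constructed message: two recipients, one encrypted body (tag 18, dummy bytes).
SAMPLE = (fake_pkesk("AAAAAAAAAAAAAAA1") + fake_pkesk("BBBBBBBBBBBBBBB2")
          + b"\xd2\x05\x01\xde\xad\xbe\xef")
print(summarize(SAMPLE))
```

On a real message the input has to be the binary (de-armored) form; a sender who can decrypt their own mail shows up as an extra tag 1 packet carrying their key ID.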