Double encryption ??
Mon Apr 7 22:26:01 2003
On Saturday, 5 April 2003 14:14, Oliver Hankeln wrote:
> a friend of mine and me were just starting using GPG.
> He encrypted a text for me and sent it to me. I was able to decrypt it.
> BUT: He was also able to decrypt the encrypted message with his own
> secret key.
> The only reason why this could happen as seen by us is that the text has
> been encrypted twice - with my and with his public key.
> We just want to be sure we didn't make any mistakes. Is our assumption
You are partly right.
AFAIK the encryption works as follows. A symmetric key is generated to encrypt
the message. The symmetric key is encrypted with each public key of the
recipients and included in the message. For decryption you will decrypt the
symmetric key with your secret key and then decrypt the message.
So not the text is encrypted twice but the symmetric key is encrypted twice (
one time for every recipient). Otherwise a message would grow very fast.
As others mentioned, the normal behaviour is not to include the senders i=
list. But most mail clients do it by default.
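The scheme described in the reply above, as an added example that is not part of the original post and is not GnuPG's code: one random session key encrypts the body once, and a separate wrapped copy of that key is stored per recipient. The ciphers are toy stand-ins (textbook RSA over fixed Mersenne primes, a SHA-256 keystream) and the key ids `oliver` and `friend`, the message layout and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy stand-ins, NOT secure: textbook RSA over fixed Mersenne primes for the
# public-key step, and a SHA-256 counter keystream for the symmetric step.
def make_keypair(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def stream_xor(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(plaintext, recipients):
    """recipients: {key_id: keypair}; only the public parts n and e are used."""
    session_key = secrets.token_bytes(16)      # one symmetric key per message
    m = int.from_bytes(session_key, "big")
    # One wrapped copy of the session key for each recipient's public key.
    wrapped = {kid: pow(m, k["e"], k["n"]) for kid, k in recipients.items()}
    # The body itself is encrypted exactly once.
    return {"session_keys": wrapped, "body": stream_xor(session_key, plaintext)}

def decrypt(message, key_id, keypair):
    if key_id not in message["session_keys"]:
        raise KeyError("no session-key packet for " + key_id)
    # Unwrap the session key with the secret exponent, then decrypt the body.
    m = pow(message["session_keys"][key_id], keypair["d"], keypair["n"])
    return stream_xor(m.to_bytes(16, "big"), message["body"])

# Constructed sample keys and text.
OLIVER = make_keypair(2**89 - 1, 2**107 - 1)
FRIEND = make_keypair(2**61 - 1, 2**127 - 1)
TEXT = b"meet at the usual place " * 10

def demo():
    both = encrypt(TEXT, {"oliver": OLIVER, "friend": FRIEND})  # sender included
    only = encrypt(TEXT, {"oliver": OLIVER})                    # sender left out
    return both, only

if __name__ == "__main__":
    both, only = demo()
    print("body bytes:", len(both["body"]), "vs", len(only["body"]))
    print("sender can read own mail:", decrypt(both, "friend", FRIEND) == TEXT)
```

Adding a recipient adds one wrapped key and leaves the body length unchanged, which is why the sender can read the message only when his own key is among the recipients.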