Encrypt a file using a PGP key
Thu Aug 7 22:36:02 2003
On Thu, 07 Aug 2003 18:26:53 +0000, firstname.lastname@example.org "Encrypt a file
using a PGP key" wrote:
> I am new to using gnupg/pgp etc. I got someone's pgp key and am trying to
> encrypt a file using it. I am having problems doing this. I downloaded the
> freeware version of pgp on a Windows machine and looked at the key. It
> shows up as
> Type: DH/DSS
> Size: 2048/1024
> Cipher: CAST
> Expires: Never
It also should show, under the 'Subkeys' tab, that it has also a subkey.
The primary key is used for signing, the subkey is used for encryption.
> I have a few questions regarding this:
> (1) Does this public key have more than one key in it ( as in one each
> for DH,
> DSS and CAST )?
DH = Diffie Hellman; See:
DSS = Digital Signature Standard
DH/DSS keys consist of a primary key for signing, and a subkey for
> (2) CAST is a symmetric key system. How can a CAST key be in this public
CAST (Carlisle Adams and Stafford Tavares, of Northern Telecom, Canada)
symmetric block cipher with an 8 byte block and a 128-bit key. Other
symmetric ciphers used by PGP are
IDEA, Triple-DES and Twofish.
As a symmetric block cipher (algorithm), CAST uses the same key for
encryption and decryption.
When the owner of that PGP key generated its key pair, he selected CAST as
the cipher. He might have selected IDEA, or 3DES, etc.
> If so, anybody can decrypt what is encrypted, right???
Not anybody, only the owner of the secret key+passphrase of the key pair
that was generated by that owner.
> (3) As for encryption: DSS is for signing, and CAST key is probably not
> in this public key.
DSS is the standard used for signing with such a key.
CAST, again, is the cipher chosen by the owner when he generated the key.
> What remains is DH. If DH= diffie-hellman, isn't that a
> key exchange protocol only? how can i encrypt using this key? Usually DH is
> used to generate a symmetric key for a session but in this case I don't
> establish a session. All i want to do is to encrypt the file and send it
DH is not a key exchange protocol only, see the information in the above
URL (and most probably in many other publications).
Another thing: if PGP were to use the actual key to encrypt a message, it
would require too long a time, making the whole process unpractical.
PGP generates a one-time random session key, much shorter than the actual
key. This session key is used to encrypt the message. Then the session key
itself is encrypted with the actual key and the result is embedded in the
final encrypted output. At the receiving end, the session key is decrypted,
using the secret key+passphrase, and then it is used to decrypt the message
> What does this public key have actually and how do i use it? I'm told
> that it
> can be used for encryption. (I believe he has been able to interact with
> people using it.)
As pointed out before, this DH/DSS key is composed of a primary key, and a
When you use it to encrypt a message, you are actually using the subkey
(with the combination of the random session key, as pointed out above).
DH/DSS keys have been around for many years, and commonly used.
> I am pretty much lost right now. Any help on how to use this, pointers to
> understanding this better etc. are greatly appreciated.
All the information I have supplied above is very sketchy. You would want
to peruse the existing documentation (included with any PGP software
release, and in many other publications) to have a really accurate overview.
But believe me, DH/DSS keys are perfectly OK. As a matter of fact, when you
import into PGP a DSA-Elgamal key generated in gpg, it is identified as
DH/DSS by PGP.
Hope this is not too confusing.