Is a secret key compromised by known cleartext?
Sat May 31 13:35:03 2003
On Sat, 2003-05-31 at 10:14, email@example.com wrote:
> If I got an email with a message in cleartext immediately=20
> followed by the same message encrypted to my public key --=20
> would that change the status of my secret key (being secret)=20
> abruptly to "being well known"?
Actually no. If all it took to get the private key was a
plaintext-ciphertext pair, the whole PGP concept would be pretty much
doomed. Everybody who sends you encrypted mail, has access to the
plaintext and ciphertext (because she/he generated both).
gpg takes the plaintext and encrypts it with a symmetric cipher by using
a random key. Then this random key is encrypted with your public key so
that you can decrypt the message. The symmetric algorithms used by gpg
are all immune against known-plaintext attacks.
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Comment: For key usage policy see http://www.crunchy-frog.org/pgp/policy.html
-----END PGP SIGNATURE-----