Multiple recipients encryption
sven at radde.name
Fri Oct 26 20:14:48 CEST 2007
> I was wondering about how gnupg works when I encrypt a message for
> multiple recipients. As long as I know public-key encryption works as
> described in this image
This image is a simplified view on public key encryption. Actually,
GnuPG (and practically all other implementations) use a "hybrid"
cryptosystem and not "pure" public key encryption.
A hybrid system first generates a random key for a symmetric algorithm
(say, AES) and encrypts the message itself with this key (called the
The session key is then encrypted with the public key of each recipient
and all those encrypted session keys are sent along with the message.
The recipient then finds the session key packet that was encrypted for
his private key, decrypts the session key and uses the session key to
decrypt the message itself.
Apart from the nice property that you can encrypt for multiple
recipients, this has major advantages in efficiency:
The bulk of the data is encrypted with a relatively fast symmetric
algorithm and only the short key for that (say, 256 bit = 32 bytes) is
encrypted with the very slow asymmetric algorithms.
You really wouldn't want to wait for a pure RSA encryption of a few
megabytes (and I'm not even sure whether that would be a good idea,
More information about the Gnupg-users