Session Key Questions

Wed Sep 17 15:52:23 CEST 2008

Just some quick questions regarding the session key.  Ive consulted
the RFC4880 docs, however am still slightly confused regarding the
session key.

1. How is the session key generated?  How is its entropy randomness
determined?  Is there a specific algorithm used to generate the key?
2. Once generated, Im confused how its used.  When I use the gpg
--show-session-key option I receive:
gpg: session key:
`9:EB7DFF392EA4EDBC90A8836F82462CD0E0B5AB22D49141941CE252311ECD2D9C'

I believe 9 is referring to the symmetric cipher which the session key
is used as described by:
9.2.  Symmetric-Key Algorithms

       ID           Algorithm
       --           ---------
       0          - Plaintext or unencrypted data
       1          - IDEA [IDEA]
       2          - TripleDES (DES-EDE, [SCHNEIER] [HAC] -
                    168 bit key derived from 192)
       3          - CAST5 (128 bit key, as per [RFC2144])
       4          - Blowfish (128 bit key, 16 rounds) [BLOWFISH]
       5          - Reserved
       6          - Reserved
       7          - AES with 128-bit key [AES]
       8          - AES with 192-bit key
       9          - AES with 256-bit key
       10         - Twofish with 256-bit key [TWOFISH]
       100 to 110 - Private/Experimental algorithm

3. Is it possible to decrypt a gnupg encrypted message if I know the
decrypted session key?  How could this be accomplished?
-- 
Kevin Hilton