Session Key Questions
wk at gnupg.org
Wed Sep 17 16:41:38 CEST 2008
On Wed, 17 Sep 2008 15:52, kevhilton at gmail.com said:
> 1. How is the session key generated? How is its entropy randomness
> determined? Is there a specific algorithm used to generate the key?
It is a random number of course:
This random number generator is modelled after the one described in
Peter Gutmann's paper: "Software Generation of Practically Strong
Random Numbers". See also chapter 6 in his book "Cryptographic
Security Architecture", New York, 2004, ISBN 0-387-95387-6.
> 2. Once generated, I'm confused how it's used. When I use the gpg
> --show-session-key option I receive:
> gpg: session key:
That one is then encrypted using the public key algorithm (RSA or
Elgamal) and prepended to the message as described in rfc4880.
> 3. Is it possible to decrypt a gnupg encrypted message if I know the
> decrypted session key? How could this be accomplished?
Don't use the public key but the session key string. The format of
this string is the same as the one printed by --show-session-key.
This option is normally not used but comes in handy in case someone
forces you to reveal the content of an encrypted message; using this
option you can do this without handing out the secret key.
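The following is an added example, not part of the original post or of GnuPG's code: it parses a session key string and builds the block that RFC 4880 section 5.1 says is public-key encrypted (algorithm octet, key, two-octet checksum), before PKCS#1 padding. It assumes the string has the form ALGO:HEX as printed by --show-session-key; the function names and the sample key are constructed for illustration.

```python
# Added illustration: the "ALGO:HEX" session key string and the RFC 4880
# section 5.1 block that gets public-key encrypted (before PKCS#1 padding).

# Symmetric algorithm IDs and key sizes in bytes (RFC 4880 section 9.2).
KEY_BYTES = {2: 24, 3: 16, 4: 16, 7: 16, 8: 24, 9: 32, 10: 32}


def parse_session_key(text):
    """Parse 'ALGO:HEX' into (algo_id, key_bytes), validating the length."""
    algo_str, sep, hex_key = text.strip().strip("'").partition(":")
    if not sep or not algo_str.isdigit():
        raise ValueError("expected ALGO:HEX")
    algo = int(algo_str)
    if algo not in KEY_BYTES:
        raise ValueError(f"unknown cipher algorithm id {algo}")
    key = bytes.fromhex(hex_key)  # raises ValueError on non-hex input
    if len(key) != KEY_BYTES[algo]:
        raise ValueError(f"algorithm {algo} needs {KEY_BYTES[algo]} key bytes")
    return algo, key


def pkesk_plaintext(algo, key):
    """Build algo octet || key || checksum (sum of key octets mod 65536)."""
    checksum = sum(key) % 65536
    return bytes([algo]) + key + checksum.to_bytes(2, "big")


def parse_pkesk_plaintext(block):
    """Inverse of pkesk_plaintext; rejects a block whose checksum is wrong."""
    if len(block) < 4:
        raise ValueError("block too short")
    algo, key = block[0], block[1:-2]
    if sum(key) % 65536 != int.from_bytes(block[-2:], "big"):
        raise ValueError("session key checksum mismatch")
    if KEY_BYTES.get(algo) != len(key):
        raise ValueError("key length does not match algorithm")
    return algo, key


# Constructed sample, not a real key: AES-256 (id 9) with bytes 00..1f.
SAMPLE = "9:" + bytes(range(32)).hex().upper()

if __name__ == "__main__":
    algo, key = parse_session_key(SAMPLE)
    print(SAMPLE)
    print(pkesk_plaintext(algo, key).hex())
```

Anyone holding this string can decrypt that one message without the secret key, so it needs the same handling as the plaintext itself.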