IT Department having the secure key.

Daniel Kahn Gillmor dkg at
Mon Jul 27 16:54:20 CEST 2009

On 07/27/2009 09:41 AM, Ingo Krabbe wrote:
> I mean if you encrypt a file f.txt to f.txt.gpg with 10 recipients, you will
> have a f.txt.gpg that contains f.txt 10 times encrypted in 10 different ways.
> Maybe I'm wrong about this point, but I can't think about an encryption strategy
> with mixed recipients.

I believe the way that it works is that the content of the file is
encrypted with a symmetric cipher (against a randomly-generated session
key).  Then, the session key itself is encrypted to the relevant
asymmetric key, and placed in a "Public-Key Encrypted Session Key Packet":

So if you encrypt a file to multiple public keys, the encrypted data
only grows by the size of one additional Public-Key Encrypted Session
Key Packet per recipient (about 0.5KB, depending on the algorithms
used).  If you're encrypting a 500K file, an extra ESK packet isn't much


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090727/b74848b6/attachment.pgp>

More information about the Gnupg-users mailing list