IT Department having the secure key.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Jul 27 16:54:20 CEST 2009


On 07/27/2009 09:41 AM, Ingo Krabbe wrote:
> I mean if you encrypt a file f.txt to f.txt.gpg with 10 recipients, you will
> have a f.txt.gpg that contains f.txt 10 times encrypted in 10 different ways.
> Maybe I'm wrong about this point, but I can't think about an encryption strategy
> with mixed recipients.

I believe the way that it works is that the content of the file is
encrypted with a symmetric cipher (against a randomly-generated session
key).  Then, the session key itself is encrypted to the relevant
asymmetric key, and placed in a "Public-Key Encrypted Session Key Packet":

  http://tools.ietf.org/html/rfc4880#section-5.1

So if you encrypt a file to multiple public keys, the encrypted data
only grows by the size of one additional Public-Key Encrypted Session
Key Packet per recipient (about 0.5KB, depending on the algorithms
used).  If you're encrypting a 500K file, an extra ESK packet isn't much
overhead.

	--dkg
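To make the packet structure described above concrete, here is an added example (not code from the original post or from GnuPG) in plain Python with no third-party dependencies. It builds a constructed binary OpenPGP message made of one version-3 Public-Key Encrypted Session Key packet (tag 1) per recipient followed by a single encrypted data packet (tag 18), then walks the packet headers per RFC 4880 section 4.2 and reports how much of the message is per-recipient overhead. The key IDs, the 2048-bit "RSA ciphertext" and the payload are all random filler chosen for this example; the parser only interprets framing, not the cryptography.

```python
import os
import struct

# Packet tags and algorithm IDs from RFC 4880 sections 4.3 and 9.1.
TAG_PKESK = 1    # Public-Key Encrypted Session Key Packet (section 5.1)
TAG_SEIPD = 18   # Sym. Encrypted Integrity Protected Data Packet (section 5.13)
ALGO_RSA = 1     # RSA (Encrypt or Sign): one MPI in the PKESK body


def encode_new_length(n: int) -> bytes:
    """New-format body length (RFC 4880 4.2.2); partial lengths are not emitted."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def build_packet(tag: int, body: bytes) -> bytes:
    """Wrap a body in a new-format packet header (bits 7 and 6 of the tag octet set)."""
    return bytes([0xC0 | tag]) + encode_new_length(len(body)) + body


def build_mpi(value: bytes) -> bytes:
    """MPI = 2-octet bit count, then big-endian magnitude (RFC 4880 3.2)."""
    value = value.lstrip(b"\x00") or b"\x00"
    bits = (len(value) - 1) * 8 + value[0].bit_length()
    return struct.pack(">H", bits) + value


def build_pkesk(key_id: bytes, pk_algo: int, wrapped: bytes) -> bytes:
    """Version-3 PKESK: version, 8-octet key ID, algorithm, encrypted session key MPI.
    `wrapped` is constructed filler standing in for the real RSA ciphertext."""
    assert len(key_id) == 8
    return build_packet(TAG_PKESK, b"\x03" + key_id + bytes([pk_algo]) + build_mpi(wrapped))


def build_sample_message(key_ids, payload_len=500_000, rsa_bytes=256) -> bytes:
    """Constructed message: one PKESK per recipient, then one tag-18 payload."""
    parts = []
    for kid in key_ids:
        fake_ciphertext = b"\x80" + os.urandom(rsa_bytes - 1)  # top bit set: exactly 2048 bits
        parts.append(build_pkesk(kid, ALGO_RSA, fake_ciphertext))
    parts.append(build_packet(TAG_SEIPD, os.urandom(payload_len)))  # random filler, not real SEIPD
    return b"".join(parts)


def parse_packets(data: bytes):
    """Split a binary OpenPGP message into (tag, body) pairs, old and new format."""
    pos, out = 0, []
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"bad packet tag octet at offset {pos}")
        pos += 1
        if ctb & 0x40:                      # new-format header
            tag = ctb & 0x3F
            o1 = data[pos]; pos += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[pos] + 192; pos += 1
            elif o1 == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]; pos += 4
            else:
                raise ValueError("partial body lengths not handled in this example")
        else:                               # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:                  # indeterminate length: runs to end of input
                length = len(data) - pos
            else:
                n = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos:pos + n], "big"); pos += n
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        pos += length
        out.append((tag, body))
    return out


def parse_pkesk(body: bytes) -> dict:
    """Decode the fixed fields of a version-3 PKESK and count its MPIs."""
    if body[0] != 3:
        raise ValueError("unsupported PKESK version")
    mpis, pos = [], 10
    while pos < len(body):
        bits = struct.unpack(">H", body[pos:pos + 2])[0]
        nbytes = (bits + 7) // 8
        mpis.append(body[pos + 2:pos + 2 + nbytes])
        pos += 2 + nbytes
    return {"key_id": body[1:9].hex().upper(), "pk_algo": body[9], "mpi_count": len(mpis)}


def summarize(message: bytes) -> dict:
    """Recipient key IDs plus bytes spent on ESK packets versus the encrypted payload."""
    recipients, esk_bytes, payload_bytes = [], 0, 0
    for tag, body in parse_packets(message):
        if tag == TAG_PKESK:
            recipients.append(parse_pkesk(body)["key_id"])
            esk_bytes += len(body)
        elif tag == TAG_SEIPD:
            payload_bytes += len(body)
    return {"recipients": recipients, "esk_bytes": esk_bytes, "payload_bytes": payload_bytes}


if __name__ == "__main__":
    kids = [bytes.fromhex(h) for h in ("0123456789ABCDEF", "FEDCBA9876543210")]
    print(summarize(build_sample_message(kids)))
```

With 2048-bit RSA keys each PKESK body is 268 bytes (271 with its header), so a 500 KB payload encrypted to ten recipients grows by under 3 KB; 4096-bit keys or Elgamal (two MPIs) roughly double that. The same parser will walk real output of `gpg --encrypt -r A -r B --output msg.gpg` once it is binary (use `--dearmor` on armored text), though `gpg --list-packets` remains the authoritative tool for that.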
