Mismatch between binary and ASCII-armored output for encrypted message

Chris Sutton lists at chrissutton.org
Wed Sep 30 15:53:04 CEST 2009

Hi Daniel,

Thanks for your reply, that does make perfect sense. In theory I do 
understand how PGP works, but this is the first time I've gotten my 
hands dirty so things are still clicking into place!

The actual problem I was debugging is why the binary output decrypts 
okay in another crypto library, but my base64-decoded version of the 
ASCII-armored output does not. I over-simplified my test case to 
expecting the two to be identical!

I've now tracked this down as a problem with compression/decompression 
which I was able to fix.

Thanks again,


Daniel Kahn Gillmor wrote:
> On 09/30/2009 05:27 AM, Chris Sutton wrote:
>> It appears as if GPG is putting slightly different binary data into the
>> ASCII-armored version as into the direct binary output. Is this possible?
> OpenPGP encryption is a hybrid model:
>  first, a random session key is generated.
>  then the random session key is used with a reasonable stream cipher
> (3DES, AES, etc) to symmetrically encrypt the data in question.
>  then the session key is asymmetrically encrypted (once for each
> recipient's key).
> The resultant block is the concatenation of the ciphertext and the
> encrypted session keys.
> Note that the first step involves some randomization (as it should!) --
> this means that each encryption of the same cleartext will yield
> radically different ciphertext.
> I suspect this difference is what you're seeing, not any issue with
> base64-encoding.
> does this make sense?
> 	--dkg

More information about the Gnupg-users mailing list