symmetric email encryption

vedaal at nym.hush.com
Fri Jul 18 21:23:08 CEST 2014


On 7/18/2014 at 1:52 PM, "Robert J. Hansen" <rjh at sixdemonbag.org> wrote:
>
>> Symmetric keys and fingerprints have to be exchanged through a secure
 
=====

I think what Hauke meant was an exchange of the *passphrase* for the symmetric encryption, not the session key.

The symmetric keys would always change with each new email message, using gnupg symmetric encryption.


The only annoyance with this type of approach is that it needs a separate passphrase for each correspondent
(which we don't bother with ordinarily, since encrypting the symmetric session key to a correspondent's public key makes it unnecessary).


Hushmail has a one-way variant of this approach. 

A Hushmail user can send an encrypted message to someone who does not have encryption or Hushmail, by having the Hushmail user give the recipient an answer to a question.

The email message is encrypted symmetrically using that answer as a passphrase.
(Hushmail intentionally makes it easier, albeit less secure, by making the 'answer' case-insensitive and ignoring spaces and punctuation characters.)

The receiver gets a message that an encrypted e-mail has been sent, and is directed to the Hushmail server where the sender's question is asked, and the receiver has 3 chances to provide the correct answer.  A correct answer decrypts the symmetrically encrypted e-mail and the plaintext is displayed on the Hushmail server. The e-mail is removed from the server after 72 hours.

A few people who have received this type of message from me thought it was interesting and convenient, signed up for their own Hushmail accounts, and are now well on their way to learning gnupg,
so it might be an approach to get people who have never used encryption to try it.


(My apologies in advance, Hauke, if I misunderstood you and this discussion.)


vedaal
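The scheme described in the post above, as an added example in Python that is not part of the original message and is neither GnuPG nor Hushmail code: a passphrase (or a Hushmail-style normalized "answer") is stretched into a key-encryption key, a fresh random session key is generated for every message and wrapped under that key, and the receiving side gets a bounded number of attempts. GnuPG's actual OpenPGP packet format, S2K function and cipher are not reproduced here; scrypt stands in for S2K, and a SHAKE-256 keystream with an HMAC-SHA256 tag stands in for the real cipher. The normalization rule (lower-case, drop whitespace and `string.punctuation`) and the attempt counter are assumptions modelled on the post's description, and all messages are constructed inline.

```python
"""Passphrase-wrapped per-message session keys, with a Hushmail-style
relaxed "answer" and a 3-attempt limit.  Illustration only: scrypt stands
in for GnuPG's S2K, SHAKE-256 + HMAC stand in for the real cipher."""
import hashlib
import hmac
import os
import string
from typing import Dict, List, Optional, Tuple

MAX_ATTEMPTS = 3  # assumption: the post says the receiver gets 3 chances


def normalize_answer(answer: str) -> str:
    """Hushmail-style relaxation as described in the post: case-insensitive,
    spaces and punctuation ignored.  This collapses many distinct answers
    onto one passphrase, which is exactly why it is 'less secure'."""
    return "".join(c for c in answer.lower()
                   if not c.isspace() and c not in string.punctuation)


def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a key-encryption key (stand-in for S2K)."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """XOF keystream; a stand-in for the block cipher GnuPG would use."""
    return hashlib.shake_256(key + nonce).digest(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(session_key: bytes, msg: Dict[str, bytes]) -> bytes:
    data = msg["salt"] + msg["wrapped_key"] + msg["nonce"] + msg["body"]
    return hmac.new(session_key, data, hashlib.sha256).digest()


def encrypt_message(passphrase: str, plaintext: bytes) -> Dict[str, bytes]:
    """Symmetric encryption: the session key is random per message, so two
    encryptions under the same passphrase share nothing but the passphrase."""
    salt = os.urandom(16)
    kek = derive_kek(passphrase, salt)
    session_key = os.urandom(32)               # fresh for every message
    wrapped = xor(session_key, keystream(kek, b"wrap", 32))
    nonce = os.urandom(16)
    body = xor(plaintext, keystream(session_key, nonce, len(plaintext)))
    msg = {"salt": salt, "wrapped_key": wrapped, "nonce": nonce, "body": body}
    msg["tag"] = _tag(session_key, msg)        # encrypt-then-MAC
    return msg


def decrypt_message(passphrase: str, msg: Dict[str, bytes]) -> Optional[bytes]:
    """Returns the plaintext, or None if the passphrase is wrong or the
    message was tampered with (the MAC check fails either way)."""
    kek = derive_kek(passphrase, msg["salt"])
    session_key = xor(msg["wrapped_key"], keystream(kek, b"wrap", 32))
    if not hmac.compare_digest(_tag(session_key, msg), msg["tag"]):
        return None
    return xor(msg["body"], keystream(session_key, msg["nonce"], len(msg["body"])))


def encrypt_with_answer(answer: str, plaintext: bytes) -> Dict[str, bytes]:
    """Hushmail-style one-way variant: the normalized answer is the passphrase."""
    return encrypt_message(normalize_answer(answer), plaintext)


def attempt_decrypt(msg: Dict[str, bytes], guesses: List[str],
                    max_attempts: int = MAX_ATTEMPTS) -> Tuple[Optional[bytes], int]:
    """Server-side check with a bounded number of tries.  Each guess is
    normalized the same way as the answer.  Returns (plaintext or None,
    number of attempts consumed); a correct guess after the limit is ignored."""
    used = 0
    for guess in guesses:
        if used >= max_attempts:
            break
        used += 1
        plaintext = decrypt_message(normalize_answer(guess), msg)
        if plaintext is not None:
            return plaintext, used
    return None, used


if __name__ == "__main__":
    # Constructed sample: a mail body protected by a question's answer.
    m = encrypt_with_answer("Blue Whale!", b"meet at the usual place")
    print(attempt_decrypt(m, ["Orca", "blue whale"]))   # decrypts on try 2
    print(attempt_decrypt(m, ["a", "b", "c", "blue whale"]))  # locked out
```

The two `print` lines show the trade-off the post mentions: "blue whale", "BlueWhale" and "Blue Whale!" all decrypt the same message, so an attacker who can guess the answer does not have to guess its spelling, while the 3-attempt limit only helps as long as the ciphertext never leaves the server (offline, the attempts are unlimited).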



