Thank you for that in depth explanation - this is something I wasn't aware of, and it's good to know! On Sun, 15 Nov 2015, David Champion wrote:
> * On 15 Nov 2015, Rejo Zenger wrote: > > ++ 14/11/15 22:47 -0500 - Xu Wang: > > >> > > >> A copy of the message will also be encrypted by your own public key and > > >> saved > > >> in the folder you have specified for Sent messages. It is this copy > > >> which you > > >> can decrypt with your private key later on, if you wish to read what you > > >> sent > > >> to the recipient. > > [...] > > >I see. So it is one email, but there is never actual double encryption > > >on the same text. It is two single encryptions. I think I am > > >understanding more. > > > > As I understand it: your message is encrypted to a session key, and that > > session key is encrypted with your and the recipients' key. That way, > > the message may have a large number of recipients, but doesn't increase > > in size as much. > > This is correct. PGP encryption generates a random symmetric key of > a large size -- essentially a really long password. It encrypts the > original message using that "session key". The session key is included > in the PGP output alongside the encrypted message, but it's encrypted > once for each recipient. This gives huge space savings in the final > message, compared to encrypting the message once per recipient. > > When you decrypt, PGP finds the list of encryptions of the symmetric key > and searches for the one encrypted with your public key. It decrypts > that to get the session key, then uses the session key to decrypt the > original message. > > There are two ways to store that list of session key crypts. The > default is like a dictionary -- each ciphertext is indexed with the > key ID that encrypted it. When PGP decrypts this, it can quickly zip > right to the correct session ciphertext. The other way stores these > ciphertexts anonymously -- not indexed by key ID. This is more secure, > but slower because PGP must try each one in turn to find the correct > ciphertext. It's not a problem for a few recipients though -- it's > really only a performance problem with many separate recipients. > > -- > David Champion • d...@bikeshed.us