Graham King

Solvitas perambulum

How GPG works: Encrypt

Summary
When you encrypt a message with GPG, it generates a random session key, selects a preferred symmetric cipher from the recipient's public key (e.g., AES256), and uses this cipher and session key to compress and encrypt the file. The session key is then encrypted using the recipient's public key (with RSA) and prepended to the message. For multiple recipients, the session key is encrypted separately for each. The passphrase used for decrypting or signing a message encrypts your private key for security and is not involved in the actual message encryption.

Here’s what happens when you encrypt a message with GPG / GnuPG (and probably other OpenPGP implementations):

  1. Generate session key

    When you encrypt a file to someone (-r person on the command line), GPG generates a session key, which is a large random number. You can see it when you decrypt a message:

     gpg --show-session-key myfile.gpg
    
  2. Choose a symmetric cipher

    GPG then looks at the recipient’s public key to find their preferred symmetric cipher. If you have my key on your keyring (get it by doing gpg --recv-keys 0x127CFCD9B3B929D2) you can see my preferred symmetric cipher by typing:

     gpg -r graham -e --verbose test.txt
    

    It should be AES256.

  3. Encrypt using chosen cipher and generated session key

    Next it compresses, then encrypts, the file using the session key and the preferred cipher. Up to this point everything is symmetric encryption.

  4. Encrypt session key with public key

    Finally it encrypts that session key using the recipient’s public key (using RSA), and prepends the result to the front of the message. If there are several recipients, this step is repeated once for each person.
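The layout that steps 3 and 4 produce (one encrypted session key packet per recipient, followed by the encrypted data) can be checked by walking the packet headers of a binary, non-armored message, much as gpg --list-packets does. The Python below is an added example, not code from the original post or from GnuPG; it follows the RFC 4880 packet header rules, and the key IDs and ciphertext bytes in SAMPLE are constructed placeholders.

```python
# Added example: packet walker for binary OpenPGP data (RFC 4880, section 4.2).
def _new_length(buf, pos):
    """Decode one new-format length at pos -> (length, octets_used, partial)."""
    o = buf[pos]
    if o < 192:
        return o, 1, False
    if o < 224:
        return ((o - 192) << 8) + int.from_bytes(buf[pos + 1:pos + 2], "big") + 192, 2, False
    if o == 255:
        return int.from_bytes(buf[pos + 1:pos + 5], "big"), 5, False
    return 1 << (o & 0x1F), 1, True   # partial chunk; another length follows it

def list_packets(buf):
    """Return [(tag, body)] for each top-level packet, in message order."""
    pos, out = 0, []
    while pos < len(buf):
        first = buf[pos]
        if not first & 0x80:
            raise ValueError("bit 7 clear: not binary OpenPGP (armored input?)")
        pos, partial = pos + 1, bool(first & 0x40)
        if partial:                               # new-format header
            tag, body = first & 0x3F, b""
            while partial and pos < len(buf):
                length, used, partial = _new_length(buf, pos)
                body += buf[pos + used:pos + used + length]
                pos += used + length
        else:                                     # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            n = 0 if ltype == 3 else 1 << ltype   # type 3: body runs to the end
            length = int.from_bytes(buf[pos:pos + n], "big") if n else len(buf) - pos
            body = buf[pos + n:pos + n + length]
            pos += n + length
        if pos > len(buf) or partial:
            raise ValueError("truncated packet")
        out.append((tag, body))
    return out

def recipients(buf):
    """(key ID, public-key algorithm) of every v3 session key packet (tag 1)."""
    return [(body[1:9].hex().upper(), body[9]) for tag, body in list_packets(buf)
            if tag == 1 and len(body) >= 10 and body[0] == 3]

def _pkesk(key_id_hex):
    # Constructed packet: version 3, key ID, algorithm 1 (RSA), placeholder MPI.
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xff"
    return bytes([0x84, len(body)]) + body        # old format, tag 1

# Constructed two-recipient message: tag 1, tag 1, then tag 18 data (zero bytes).
SAMPLE = (_pkesk("1111111111111111") + _pkesk("2222222222222222")
          + b"\xd2\xe9\x01" + bytes(511) + b"\x03" + bytes(3))
```

On a real message the key IDs returned by recipients() are visible to anyone who holds the file, since the session key packets sit outside the encrypted data.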

The passphrase GPG asks for when decrypting or signing a message has nothing to do with message encryption. It is only used to symmetrically encrypt your private key (the default cipher is CAST5), in case someone steals your private key file. In terms of how GPG works, you can ignore the passphrase. If you just encrypt a message (without signing it) you won’t need to enter your passphrase at all (but in practice you should always sign your messages).