Subject: Re: If the message is encrypted symmetrically
Group: Gnupg-users
From: Henry Hertz Hobbit
Date: 22 Jun 2007


 
Joseph Oreste Bruni <jbruni> wrote:

> To extend our discussion, suppose I wish to send an encrypted message
> to multiple recipients. I would then encrypt the (randomly generated)
> symmetric key to each recipient's public key in turn. All of the
> encrypted copies (of the symmetric key) are attached. A valid
> recipient will be able to encrypt his (and only his) copy of the
> symmetric key and then decrypt the document.

Everything is fine with what you said until you say this. In real
practice what Thunderbird and Evolution (I can't speak for the
other email programs) do is generate a separate symmetric encryption
for each user. Without looking at the source code (which I have
NOT done for this particular situation) you can't tell whether each
user gets a separate random symmetric session key or whether all
users share the same random symmetric session key. Knowing the
paranoia of encryption coders, I suspect that each user gets their
own randomly created symmetric session key. It also doesn't make
much sense if you use the same random session key for every user.
If you do that, why not just have one copy of the symmetric
encryption? Without looking at the code though, I don't know that
for certain. I suspect that the mail programs just use what GnuPG
gives them and only do the one call to GnuPG, so you can actually
do the tests with the multiple users on the command line without
even using email.

However, I do know that if you do tests by actually sending the same
encrypted mail message (use a fairly large message of at least 64 K)
to one, two, and three recipients then you can see this. Save all of
the messages to a file and edit out the headers and you will find the
approximate size differences for the three files:

double = 2 * single
triple = 3 * single
triple = 1.5 * double

If you had one shared symmetric encryption you wouldn't have
those size changes since you would only be adding the size of
the asymmetric encryption of the randomly generated session key
used to do the symmetric encryption for each additional person.

I will volunteer for being one of the three users (after yourself
you need only one more user) if you want to do the tests actually
using email itself, but I would advise just using the multiple
recipients on the command line first and comparing the sizes there.
Rummage around in the Enigmail section of the Thunderbird forum
and if they don't have the answer just ask if they only do one
call to GnuPG to do the encryption.

HHH
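
For the size comparison proposed in the message above, an added example (not part of the original post and not GnuPG code): a Python tally of an OpenPGP message's packets using the RFC 4880 section 4.2 header framing, so the bytes held in per-recipient session key packets (tag 1) can be separated from the bytes of encrypted data (tags 9 and 18). The names `packets`, `summarize` and `SAMPLE` are chosen here, and `SAMPLE` is constructed framing, not gpg output.

```python
# Constructed framing-only sample (not gpg output): two tag-1 packets, one tag-18.
SAMPLE = b"\x85\x00\x03abc" * 2 + b"\xd2\x05hello"

def packets(buf):
    """Yield (tag, body_length) for each packet of a binary OpenPGP message."""
    i = 0
    while i < len(buf):
        hdr, i = buf[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (dearmor first)")
        total = 0
        if hdr & 0x40:                        # new-format header
            tag, more = hdr & 0x3F, True
            while more:
                o, i = buf[i], i + 1
                more = 224 <= o < 255         # partial chunk: another length follows
                if o < 192:                   # one-octet length
                    n = o
                elif o < 224:                 # two-octet length
                    n = ((o - 192) << 8) + buf[i] + 192
                    i += 1
                elif o == 255:                # four-octet length
                    n = int.from_bytes(buf[i:i + 4], "big")
                    i += 4
                else:                         # partial body length, power of two
                    n = 1 << (o & 0x1F)
                total += n
                i += n                        # skip this chunk of the body
        else:                                 # old-format header
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if width == 8:                    # length type 3: body runs to end of input
                total = len(buf) - i
            else:
                total = int.from_bytes(buf[i:i + width], "big")
                i += width
            i += total
        if i > len(buf):
            raise ValueError("truncated packet")
        yield tag, total

def summarize(buf):
    """Return (key packet count, key packet bytes, encrypted data bytes)."""
    keys = key_bytes = data_bytes = 0
    for tag, n in packets(buf):
        if tag == 1:                          # public-key encrypted session key
            keys, key_bytes = keys + 1, key_bytes + n
        elif tag in (9, 18):                  # symmetrically encrypted data
            data_bytes += n
    return keys, key_bytes, data_bytes
```

To compare real messages, pass the bytes of each binary (non-armored) output file from the one-, two- and three-recipient runs to `summarize` and compare the three tuples.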

