Public Key Encryption/Decryption of data

Question

When some data is encrypted with PGP, no password is provided. What is the password used in the symmetric algorithms portion of PGP?

this is the output of a small string encrypted with AES 256.

-----BEGIN PGP MESSAGE-----
Version: BCPG v1.39

hI4D+UDEMBpnd50QAf9bWG97E9FfnSKB/WpVcBtLJqk5f/Ih9YZTUDULDZpSE0TP
ObJnCs91okOv6/BtDRDZ84ChF5pOZezb5+aL3TW5AfwK3gJ7nPTlmZOm5Kf7qOfB
n307xpn0qRw395y1mfOm10TsMpaCkbSvwjhqPi8hRMM17y29OsqGLstZdeAaNTGt
0mwB7EiZti4jOUF3/SCNnn2vA9hVc6o6c0l0h5vQOF0L+eL1Pmhg8RcFT4kHRnI/
A+Ad4hsbOxD1vvzZHx2iETkt1JmNTHmOOY5Cw/n+sFlU9JzZpzAtqwUjjnyN8NjQ
6NbpwL6gebTJCVTNW2c=
=kI32
-----END PGP MESSAGE-----

Old: Public-Key Encrypted Session Key Packet(tag 1)(142 bytes)
        New version(3)
        Key ID - 0xF940C4301A67779D
        Pub alg - ElGamal Encrypt-Only(pub 16)
        ElGamal g^k mod p(511 bits) - 5b 58 6f 7b 13 d1 5f 9d 22 81 fd 6a 55 70 1b 4b 26 a9 39 7f f2 21 f5 86 53 50 35 0b 0d 9a 52 13 44 cf 39 b2 67 0a cf 75 a2 43 af eb f0 6d 0d 10 d9 f3 80 a1 17 9a 4e 65 ec db e7 e6 8b dd 35 b9 
        ElGamal m * y^k mod p(508 bits) - 0a de 02 7b 9c f4 e5 99 93 a6 e4 a7 fb a8 e7 c1 9f 7d 3b c6 99 f4 a9 1c 37 f7 9c b5 99 f3 a6 d7 44 ec 32 96 82 91 b4 af c2 38 6a 3e 2f 21 44 c3 35 ef 2d bd 3a ca 86 2e cb 59 75 e0 1a 35 31 ad 
                -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02

New: Symmetrically Encrypted and MDC Packet(tag 18)(108 bytes)
        Ver 1
        Encrypted data [sym alg is specified in pub-key encrypted session key]
                (plain text + MDC SHA1(20 bytes))

I know that the AES 256 value 9 is hidden in the first packet (tag 1), but where is the key? Since the public key is used to encrypt, there was no key hidden in the public key with which to encrypt. Also, I think RFC 4880 never actually specifies where to get a key.

Am i missing some important point about public key cryptography?

You may want to look at http://www.imc.org/ietf-openpgp/mail-archive/msg00010.html, especially section 5.1 and read on. — James Black, Jul 03 '12 at 00:27
If you don't get the answers you need, http://cryptography.stackexchange.com may be a good place to visit. — Rory Alsop, Jul 03 '12 at 08:57

score 2 · Answer 1 · answered Jul 03 '12 at 00:01

2

You don't need a key because anyone may use the public key. The public key is used for encrypting (in this case a random AES key, which is used to encrypt the rest of the data). Only during decryption will you need the private key to retrieve the encrypted AES key and - of course - the data. This is of course the public/private key pair of the receiving party(s).

answered Jul 03 '12 at 00:01

Maarten Bodewes

90,524
13
150
263

where do i retrieve it from? i dont see it in either packet, unless its `m` or `k` – calccrypto Jul 03 '12 at 00:13
Usually the shared key is generated by one of the parties (let's call them Alice) and encrypted using the other party's public key (Bob). To get the session password, you will need the other party's (Bob's) private key and decrypt the shared session key – Srdjan Grubor Jul 03 '12 at 00:35
Alice is encrypting data for bob and she needs his private key?????? – calccrypto Jul 03 '12 at 00:38
calccrypt: encryption is always performed with a public key, decryption with a private key (unless what you are encrypting is actually a signature, which is used to show that you have the private key) – Maarten Bodewes Jul 03 '12 at 11:06
calcrypt: eh, Alice in case would be *generating* the session key - hopefully using a secure RG. After encryption with the public key, only the corresponding private key can be used to decrypt the symmetric session key, and thus the data. So Alice, at that point *cannot* retrieve the session key from the message anymore. – Maarten Bodewes Jul 03 '12 at 23:15

score 0 · Answer 2 · answered Jul 03 '12 at 00:00

0

The randomly-generated session key is stored in the first packet:

... Public-Key Encrypted Session Key Packet ...

Raw data is never encrypted directly with public key algorithms; instead, a randomly-generated session key is used. If you encrypt to multiple recipients, the same session key will be encrypted to each recipient individually.

answered Jul 03 '12 at 00:00

sarnold

102,305
22
181
238

Presumably your recipient hasn't shared their private key widely... – sarnold Jul 03 '12 at 00:18
Because there's two ways to easily get `m` -- be present when the encryptor encrypts it, or be present when the decryptor decrypts it.... – sarnold Jul 03 '12 at 00:23
Excellent snippet on the other question; `m` contains the randomly-generated session key, as well as the algorithm indicator and a crc to indicate any potential errors in transmission. – sarnold Jul 03 '12 at 00:32

score 0 · Accepted Answer · answered Jul 03 '12 at 01:25

0

I just realized that i misinterpreted session key in the instructions as the packet, rather than the secret key

answered Jul 03 '12 at 01:25

calccrypto

8,583
21
68
99

Public Key Encryption/Decryption of data

3 Answers3