0

I'm using PGP to encrypt and send messages to friends. I've read up that the message is encrypted using a symetric key and then the symetric key is encrypted using the recipients public key. If you have multiple recipients then the symetric key is encrypted multiple times, once for each recipient, and added to the encrypted message. If you set a flag you also encrypt the key with your own public key and added to the message so that you can yourself decrypt it later from your sent items folder.

Now I imagined that the encrypted symetric keys would be embedded in the message as a table with columns email address and encrypted symetric key. So one recipient e.g. john would look through this table for his email address, say john@somewhere.com, find it and then know that that entry was for him to decode and get the symetric key.

My question is why can't I see a list of the recipients in the encrypted message? Without that the recipient would have to go through each entry in the table and attempt to decrypt it until he finds one that he can. Given that the result is a random number, the symetric key, how would any recipient know it was decrypted properly, well I guess unless he also attempts to use any attempt as a symetric key until he finds one that works.

So again, I sort of assumed that I should be able to see a list of recipients in the encrypted message without decrypting, but I can't. What's going on?

Mikey
  • 89
  • 7

1 Answers1

0

In the OpenPGP terminology the packet that holds the symmetric key encrypted with the public key of the recipient is knows as 'Public Key Encrypted Session Key Packet'. Defined in RFC 4880 https://www.rfc-editor.org/rfc/rfc4880#page-17

In this packet only the Key ID of the public encryption key is stored (not its User Id - which is an email address in most cases). And the recipient finds the packet that she should decrypt by searching by Key ID (actually this should be done by the PGP software).

The recipient will always know that the symmetric key is decrypted properly, because otherwise the decryption algorithm will fail.

The same applies to decrypting the data packet with a random key - each block cipher will fail at the end when it verifies the checksum of the last block. Even if you remove the checksum calculation of the symmetric cipher implementation, you will receive just garbage data:)

Community
  • 1
  • 1
Peter Kalef ' DidiSoft
  • 1,454
  • 17
  • 21
  • This is good information and I expect then that emails will have this information in a header somewhere. I have gone searching for the key-id's in the email and still can't find it. I'm using Claws Mail 3.91. I've gone to the directory where the emails are stored and opened the email (file which is named as just a number) using a text editor from there. I still don't understand why I can't read the key-id's somewhere in the file. – Mikey Sep 02 '13 at 10:31