Internet Security Professional Reference:PGP


Encrypting a Message Using Public Key

In general, whenever someone mentions that a message is “PGP-encrypted,” he or she means that the message was encrypted using Public Key Encryption. The body of such a message is actually encrypted with a secret-key cipher, such as IDEA, under a randomly generated key. PGP then uses Public Key Encryption to transmit that key to all the intended recipients.

When PGP is told to encrypt using Public Key via the -e option, PGP takes the list of recipients, finds their public keys in the public key ring, generates the random session key, and encrypts the session key with each recipient's public key. Finally, PGP encrypts the message with the session key.

When the session key is encrypted, PGP adds random padding, so even if you use the same public key twice, the data that is sent will differ. Without random padding, a message encrypted to multiple people would be vulnerable to a mathematical derivation of the session key used in the message. To eliminate this risk, PGP never creates the same output twice when encrypting a message. This not only defeats the mathematical attack against the session key, it also gives users plausible deniability about having encrypted a message at all: because they cannot re-create the same ciphertext from the same plaintext, they can plausibly deny having created the message.

~> pgp -ea message warlord tara jis
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/27 19:41 GMT

Recipients’ public key(s) will be used to encrypt.
Key for user ID: Derek Atkins <warlord@MIT.EDU>
709-bit key, Key ID C1B06AF1, created 1992/09/25

Key for user ID: Ruth Thomas <tara@mail.Free.NET>
1024-bit key, Key ID D0C6326D, created 1995/11/14

Key for user ID: Jeffrey I. Schiller <jis@mit.edu>
1024-bit key, Key ID 0DBF906D, created 1994/08/27
.
Transport armor file: message.asc
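
An added sketch (not from the original text, and not PGP's own code) of the flow described above: one session key, wrapped separately for each recipient with fresh random padding, so wrapping the same key to the same public key twice gives different ciphertext. The toy RSA keys, the PKCS #1 v1.5-style padding layout and the SHA-256 keystream standing in for IDEA are assumptions chosen so the example runs with only the Python standard library.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the toy keys (assumption for this sketch)

def toy_key(a, b):
    """Constructed toy RSA key from two Mersenne primes; far too weak for real use."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed key ring; names borrowed from the session above, keys are not theirs.
RING = {"warlord": toy_key(89, 127), "tara": toy_key(107, 521), "jis": toy_key(61, 607)}

def pad(session_key, k):
    """00 02 <random nonzero bytes> 00 <key>, filling a k-byte block."""
    filler = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(session_key)))
    return b"\x00\x02" + filler + b"\x00" + session_key

def wrap(session_key, n):
    """Encrypt the padded session key to one recipient's public modulus n."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(pad(session_key, k), "big"), E, n)

def unwrap(c, key):
    """Recipient side: RSA-decrypt, check the header, strip the padding."""
    k = (key["n"].bit_length() + 7) // 8
    block = pow(c, key["d"], key["n"]).to_bytes(k, "big")
    if block[:2] != b"\x00\x02":
        raise ValueError("bad padding header")
    return block[block.index(b"\x00", 2) + 1:]

def stream_xor(key, data):
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream (not a PGP cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], ks))
    return bytes(out)

def encrypt(message, recipients):
    """One random session key, wrapped once per recipient; body encrypted once."""
    session_key = secrets.token_bytes(16)  # 128 bits, the IDEA key size
    wrapped = {r: wrap(session_key, RING[r]["n"]) for r in recipients}
    return wrapped, stream_xor(session_key, message)

def decrypt(name, wrapped, body):
    """Any listed recipient recovers the session key, then the message."""
    return stream_xor(unwrap(wrapped[name], RING[name]), body)
```

The message body is encrypted once regardless of how many recipients are listed; only the small wrapped-key blocks grow with the recipient list.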

When you encrypt messages, it is important to know who the recipient will be. PGP tries to use the key you specify, but it works only if you can specify a unique key. If the name requested matches multiple keys on the key ring, only the first matching key will be used. PGP does not prompt you to choose, nor does it even mention that there was an ambiguity. It is up to you to read the PGP output and recognize when the wrong key is being used.

Signing and Encrypting Messages

Various PGP options can be combined to perform multiple operations on a single message. The signing and encryption of a message can easily be performed in a single step by combining options on the command line. When options are combined on the command line, a hierarchy is used to determine which option is executed first. In this example, PGP first signs the message, and then encrypts the signed message.

~> pgp -sea message prz
Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
(c) 1990-1994 Philip Zimmermann, Phil’s Pretty Good Software. 11 Oct 94
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Distributed by the Massachusetts Institute of Technology.
Export of this software may be restricted by the U.S. government.
Current time: 1995/11/27 19:45 GMT

A secret key is required to make a signature.
You need a pass phrase to unlock your RSA secret key.
Key for user ID “Ruth Thomas <tara@mail.Free.NET>“

Enter pass phrase:

Because a signature is involved, PGP asks for a pass phrase, which must be the pass phrase of the secret key. PGP then uses this pass phrase to unlock the secret key and generate the signature on the message.

Pass phrase is good.
Key for user ID: Ruth Thomas <tara@mail.Free.NET>
1024-bit key, Key ID D0C6326D, created 1995/11/14
Just a moment....

Recipients’ public key(s) will be used to encrypt.
Key for user ID: Philip R. Zimmermann <prz@acm.org>
1024-bit key, Key ID C7A966DD, created 1993/05/21

WARNING:  Because this public key is not certified with a trusted
signature, it is not known with high confidence that this public key
actually belongs to: “Philip R. Zimmermann <prz@acm.org>“.

Are you sure you want to use this public key (y/N)? yes
.
Transport armor file: message.asc

Finally, PGP notifies you which keys are being used to encrypt the message and places the output into the appropriate file. This file can subsequently be transferred to someone else who must first decrypt the message before verifying the signature and reading its contents.

