[Cryptography] PGP -- Can someone help me understand something?
Ralf Senderek
crypto at senderek.ie
Thu Aug 9 17:11:49 EDT 2018
On Thu, 9 Aug 2018, Matt Maxson wrote:
>
> The question was, basically, if someone has access to both a PGP encrypted email and a plain
> text version of the same email, can an attacker determine the key. The answer given was "no".
>
> I don't understand. Why can't that happen?
If you encrypt your plain text twice PGP (using AES) would produce a
different cryptogram. That is because there is an element of randomness
introduced in the encryption process (google for "random IV").
So the key you don't know contains that random IV and the encryption "key"
so that every time you encrypt your plaintext another (unpredictable)
key is being used. That's why you cannot derive the key from the
cryptogram knowing the plain text.
--ralf
PS: Someone knowing the "key" does also know the random IV and
consequently can decrypt the cryptogram. To understand this,
you don't have to delve into asymmetic cryptography, just make
yourself familiar with the practical uses of AES.
More information about the cryptography
mailing list