Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I have noticed that when I am using GnuPG to encrypt a file for multiple recipie

ID: 657593 • Letter: I

Question

I have noticed that when I am using GnuPG to encrypt a file for multiple recipients, the size of the encrypted message does not seem to be directly proportional to the number of recipients.

For example, a file that I tested is 836 bytes in plaintext.

- encrypted for 1 recipient, it is 1090 bytes
- encrypted for 2 recipients , it is 1619 bytes (810 bytes per recipient)
- encrypted for 9 recipients, it is 4738 bytes (526 bytes per recipient)
- encrypted for 51 recipients, 26,397 bytes (517 bytes per recipient)

Since encrypted data should look random, I am thinking that the difference is not due to compression. Not all of the 51 keys are the same key size/algorithm, but I do not see how this could account for such a dramatic average file size.

How is it that I can encrypt an 836 byte file for 51 people, so that they can all decrypt my file back to its original size without appending at least 836 bytes per recipient?

Explanation / Answer

Because the entire message is not encrypted separately for each recipient.

Instead, a single symmetric encryption key is chosen at random, the message is encrypted once using that key, and then the encryption key is itself encrypted separately for each recipient, using that recipient's public key, and appended to the encrypted message.

Each recipient decrypts the message by first using their private key to decrypt the symmetric encryption, and then decrypts the message using that key.

Since keys are typically much shorter than the plaintext, this saves a lot of space. (It also lets the recipients know they've all decrypted the same message. If the messages were encrypted separately for recipient, a devious sender could send different messages to each recipient, pretending they were all carbon copies of the same message.)

With your data, adding the second recipient added 527 bytes. That second recipient probably had a 512-byte key, plus 15 bytes to identify the recipient. Successive recipients will have had different key lengths and different identifying data, so the amount added for each will vary.

Related Questions

I have no idea which equations to use and how to get the answers, (a). A basebal
Question #1331618
I have no idea why my code is not working, please help me see whats the problem
Question #3545242
I have no idea.. how to do this. Since user and group management is such a large
Question #3540431
I have no problem following the first two pages (14 & 15), but am confused at th
Question #3027724
I have no problem with number 4. I\'m just trying to explain number 5 correctly.
Question #3604461
I have no source for this, but I\'ve heard people offhandedly mention problems t
Question #652167
I have no textbook, and am a civil engineer trying to get thru a 6 week cs class
Question #3627648
I have no understanding of what should go in the boxes Use of the stack The purp
Question #3562967

Navigate

Previous
I have noticed that it is common practice when setting up a user account (Window
Next
I have number 6,7,8 and 9 down just need the other 6. If [a] =[b] in Im, then a