Actually, revealing the encrypted-session-key for an OpenPGP message
should give you sufficient information to link the plaintext to the
encrypted message without actually giving away your private key or
passphrase. Considering that PGP implementations should be choosing
random session keys, this implies that session keys should not be

"Michael Young" <mwy-opgp97(_at_)the-youngs(_dot_)org> writes:
No. The message(+signature) contents are symmetrically encrypted.
There is no way to prove that the plaintext generates that specific
ciphertext without giving up the session key. Demonstrating
a decrypted signature or MDC shouldn't convince anyone that the
full plaintext matches that ciphertext.
If you're willing to show the plaintext, why do you care about
protecting the session key? Are you reusing it? This might be an
issue for a PGPdisk, for example, where one symmetric key protects the
entire contents... you can't reveal+prove selected parts. It
shouldn't be for ordinary OpenPGP uses. Are you afraid that
your randomness source has been compromised, such that other
session keys could be deduced? If so, you have a serious problem.

Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord(_at_)MIT(_dot_)EDU PGP key available
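
The session-key disclosure discussed in this exchange, as an added sketch that is not part of the original messages: a third party given the ciphertext, the disclosed session key and the claimed plaintext checks the link without ever seeing a private key or passphrase. The SHA-256 counter-mode cipher, the appended hash standing in for the MDC, and all function names are assumptions made for illustration; the public-key wrapping of the session key is left out because the verifier does not need it.

```python
import hashlib
import hmac
import secrets

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), an assumption standing in
    # for OpenPGP's real symmetric cipher so the sketch needs only the stdlib.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Return (session_key, ciphertext). A fresh random key is drawn per message."""
    session_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    # Append a hash of the plaintext, playing the role of the MDC.
    body = plaintext + hashlib.sha256(plaintext).digest()
    return session_key, nonce + _xor_stream(session_key, nonce, body)

def verify_disclosure(ciphertext: bytes, session_key: bytes, claimed: bytes) -> bool:
    """Third-party check: does the disclosed key open this ciphertext to `claimed`?"""
    if len(ciphertext) < 16 + 32:
        return False
    nonce, enc = ciphertext[:16], ciphertext[16:]
    body = _xor_stream(session_key, nonce, enc)
    recovered, mdc = body[:-32], body[-32:]
    intact = hmac.compare_digest(mdc, hashlib.sha256(recovered).digest())
    return intact and hmac.compare_digest(recovered, claimed)

def demo() -> dict:
    # Both messages are constructed sample inputs.
    msg_a = b"wire 100 to account 7 (constructed)"
    msg_b = b"unrelated second message (constructed)"
    key_a, ct_a = encrypt(msg_a)
    _key_b, ct_b = encrypt(msg_b)
    return {
        "a_proved": verify_disclosure(ct_a, key_a, msg_a),
        "a_forged_text": verify_disclosure(ct_a, key_a, msg_a.replace(b"100", b"900")),
        # With per-message random keys, disclosing key_a says nothing about ct_b.
        "b_opened_with_key_a": verify_disclosure(ct_b, key_a, msg_b),
    }

if __name__ == "__main__":
    print(demo())
```

GnuPG supports this workflow on real messages with `--show-session-key` and `--override-session-key`.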