Andrea Danti - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Why are both symmetric and asymmetric encryption used in OpenPGP?

OpenPGP uses asymmetric encryption and symmetric encryption for different parts of its process. Expert Michael Cobb explains the purpose of hybrid encryption in message security.

Any chain is as weak as its weakest link. So, what is the point of Pretty Good Privacy using 2,048+ bit key pairs...

and 100+ character passphrases while using a 256-bit key to encrypt the message?

Encryption not only needs to be strong but cost-effective and efficient. Imagine if webpages viewed over HTTPS were significantly slower than those over HTTP; many users would opt for speed over security and put their internet security at risk. Pretty Good Privacy (PGP) can encrypt files and messages, as well as provide verification of who sent a message, both securely and quickly because it uses a variety of different encryption algorithms; this is sometimes referred to as hybrid encryption. PGP is now a trademark of Symantec, which acquired PGP Corp. in 2010, so this article refers to software that follows the OpenPGP standard RFC 4880 for encrypting and decrypting data.

OpenPGP uses asymmetric encryption, usually RSA, for validating identity (signing) and ensuring that only the intended recipient can access the information sent (encryption). Because encrypting large amounts of data using asymmetric encryption is relatively slow and resource intensive compared to symmetric encryption -- a particularly important consideration when encrypting data on mobile devices -- OpenPGP uses a symmetric encryption algorithm, usually AES, to encrypt the actual file or message content in order to accelerate the encryption process. Symmetric encryption cannot be used for signing, which is why a combination of algorithms is used. So, for example, the sender of a message would use the recipient's public key to encrypt a randomly generated session key -- used to encrypt the content of the actual message. The recipient can use their private key to decrypt the session key and then use that to decrypt the main message.

The reason different key sizes are used in symmetric and asymmetric encryption is because a symmetric algorithm is based on a shared secret, which is not mathematically solvable, whereas asymmetric cryptography relies on the complexity of a math problem for security. Breaking a 128-bit AES key by brute force would currently take many times the age of the universe, and breaking a 256-bit key is even less possible. Increasing the length of the symmetric key from 256 bits would dramatically increase the processing work, while only negligibly increasing the level of security, a pointless tradeoff as the risk is already insignificant. So, for symmetric ciphers, a 256-bit key makes sense.

Asymmetric encryption keys have to be much larger than symmetric keys because they can only use pairs of prime numbers, and there are fewer possible keys for any given number of bits than there are for the same symmetric key size. There are also patterns within the keys themselves, and the more information that is transmitted with the asymmetric encryption key, the more likely it is to be broken. Hence OpenPGP uses 2,048-bit keys with RSA to provide a similar level of security as the 256-bit AES cipher.

OpenPGP encrypted data has never been successfully cryptanalyzed, that is retrieving the plaintext from the ciphertext without knowing the key and using solely cryptanalysis methods. Other methods such as keyloggers have been used successfully, and the main weakness of OpenPGP and any form of encryption is the security of the password or passphrase used to protect the private key. This is why PGP allows users to create a 100+ character passphrase, as the longer this passphrase is, the harder it is for anyone to crack it using brute force and dictionary attacks.

Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)

Next Steps

Learn about the benefits of OpenPGP encryption on messaging safety

Find out how the Pretty Easy Privacy project secures communications

Read about user privacy controls for Facebook, Google and Mozilla

This was last published in August 2016

Dig Deeper on Email and Messaging Threats-Information Security Threats