Quote from: BenCousins on October 12, 2012, 08:45 am
Quote from: vbcycle on October 12, 2012, 02:35 am
Nah... nothing that fancy. When I encrypted it... I had to select Pine's, Cyphre's, Disco's, and Anony's public keys.... So it was encrypted 4 times in that block. Each of them can decrypt in the normal fashion. In order to continue the chain, Pine would have to have the public keys for Cyphre, Disco, Anony, and me.... and so on.

It's just the next level of "how damn cool is that!?"

how is that done?

I was about to say I answered this, but then realised this message was sent a while before my answer. Anyway, in a little more detail what happens is this:

If I encrypt a message to you, vbcycle and Pine I'd use a command similar to the one I posted earlier (e.g. gpg -ear BenCousins -r vbcycle -r pine message.txt).

GPG takes the file message.txt and symmetrically encrypts it with a cipher known to be supported by each recipient. This information is included in the public keys, so it looks for the most preferred symmetric ciphers used by all 4 recipients (my key is included because of settings in my gpg.conf). Usually the symmetric cipher will be 256-bit AES. A randomly generated session key is used to decrypt the symmetrically encrypted message.

That session key is then encrypted using the 4 public keys of the recipients, resulting in 4 separate and usually smaller encrypted messages. These are encrypted with either RSA or Elgamal, depending on what type of key each person has.

Those four messages are then combined with the original symmetrically encrypted file to produce what we see as a single encrypted file. In this case it would be message.txt.asc and pasted into a forum message, email or SR message.

When the intended recipients receive a copy the process is reversed. GPG checks the message to see if it is encrypted with a key to which the corresponding secret key is available. If it is then GPG uses the secret key and prompts for the passphrase. When the passphrase is entered the part of the message encrypted with the public key is decrypted to reveal the session key. Then GPG uses the session key to decrypt the original message.

If the passphrase is entered incorrectly then an error message will be displayed to indicate that. If the message is encrypted to keys that are not available then the error message will say "secret key not available" instead.

Side notes: it is possible to symmetrically encrypt a message and not use a public key. Anyone with the session key set when a message is encrypted that way can decrypt it. It is also possible to override the public key component if the session key is already known.
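As an added illustration (not part of the original post, and not GnuPG's own code): a standard-library Python parser that walks the packets of a binary (de-armored) OpenPGP message using the RFC 4880 packet layout, and lists the one session-key packet per recipient plus the single symmetrically encrypted body described above. The sample bytes, key IDs and helper names are constructed placeholders.

```python
import struct

PK_ALGOS = {1: "RSA", 2: "RSA (encrypt-only)", 16: "Elgamal", 18: "ECDH"}

def new_len(data, i):
    """Decode a new-format length at data[i]: (length, next_index, is_partial)."""
    o = data[i]
    if o < 192:
        return o, i + 1, False
    if o < 224:
        return ((o - 192) << 8) + data[i + 1] + 192, i + 2, False
    if o == 255:
        return struct.unpack(">I", data[i + 1:i + 5])[0], i + 5, False
    return 1 << (o & 0x1F), i + 1, True      # partial-body chunk, more follow

def read_packets(data):
    """Yield (tag, body) for each packet of a binary (de-armored) message."""
    i = 0
    while i < len(data):
        hdr, i, body = data[i], i + 1, b""
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new format: tag in low 6 bits
            tag, partial = hdr & 0x3F, True
            while partial:
                n, i, partial = new_len(data, i)
                body, i = body + data[i:i + n], i + n
        else:                                # old format: tag in bits 5-2
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 0x03]
            n = int.from_bytes(data[i:i + size], "big") if size else len(data) - i
            body, i = data[i + size:i + size + n], i + size + n
        yield tag, body

def summarize(data):
    """Return ([(key_id, algorithm), ...], encrypted_body_bytes)."""
    recipients, payload = [], 0
    for tag, body in read_packets(data):
        if tag == 1 and body[:1] == b"\x03":  # v3 session-key packet, one per recipient
            algo = PK_ALGOS.get(body[9], f"algo {body[9]}")
            recipients.append((body[1:9].hex().upper(), algo))
        elif tag in (9, 18):                  # the one symmetrically encrypted body
            payload += len(body)
    return recipients, payload

def pkesk(key_id_hex, algo):
    """Build a constructed session-key packet (old-format header, dummy key material)."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + bytes([algo]) + b"\x00" * 20
    return bytes([0x84, len(body)]) + body

# Constructed sample with placeholder key IDs; not real GPG output.
KEYS = [("11" * 8, 1), ("22" * 8, 16), ("33" * 8, 1), ("44" * 8, 16)]
SAMPLE = b"".join(pkesk(k, a) for k, a in KEYS) + bytes([0xD2, 40, 1]) + b"\x00" * 39

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For a real message, gpg --list-packets prints the same structure. The recipient key IDs sit outside the encrypted body, so anyone holding the file can read them without any secret key.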