The following text is taken from chapter 1 of the document Introduction to Cryptography in the PGP 6.5.1 documentation. Copyright 1990-1999 Network Associates, Inc. and its Affiliated Companies. All Rights Reserved. Converted from PDF to HTML at then manually edited by hand.

PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.

PGP uses a cryptographically strong hash function on the plaintext the user is signing. This generates a fixed-length data item known as a message digest. (Again, any change to the information results in a totally different digest.)

Then PGP uses the digest and the private key to create the "signature." PGP transmits the signature and the plaintext together. Upon receipt of the message, the recipient uses PGP to recompute the digest, thus verifying the signature. PGP can encrypt the plaintext or not; signing plaintext is useful if some of the recipients are not interested in or capable of verifying the signature.
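The sign-and-verify flow described above, as an added example that is not taken from the PGP documentation or from PGP's code. It assumes SHA-256 as the hash and unpadded RSA as the public-key operation (real implementations pad the digest before signing), and the key is a constructed demo key that offers no security; the function names are illustrative.

```python
import hashlib

# Constructed demo key built from two Mersenne primes. It is trivially
# factorable, so it only illustrates the flow and must never protect data.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest(plaintext: bytes) -> int:
    """Fixed-length message digest of the plaintext, as an integer."""
    return int.from_bytes(hashlib.sha256(plaintext).digest(), "big")


def sign(plaintext: bytes) -> int:
    """Signer: hash the plaintext, then apply the private key to the digest."""
    return pow(digest(plaintext), D, N)


def verify(plaintext: bytes, signature: int) -> bool:
    """Recipient: recompute the digest and compare it with the value
    recovered from the signature using the signer's public key."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest(plaintext)


if __name__ == "__main__":
    message = b"Meet at noon."          # constructed sample plaintext
    sig = sign(message)
    print("digest bits   :", digest(message).bit_length())
    print("valid message :", verify(message, sig))
    print("altered text  :", verify(b"Meet at moon.", sig))
```

Changing a single character of the plaintext changes the recomputed digest, so the comparison in `verify` fails even though the signature itself is untouched.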

