What usually happens to the symmetric (session) key after decrypting an email? Can the key be recovered if changing private keys?

Information Security Asked by jaybeatle on January 6, 2022

I’ve been preparing for a CISSP exam and was reading about applied cryptography in regard to email.

It’s my understanding that the popular schemes (PGP, S/MIME) use a combination of asymmetric and symmetric cryptography. If I’m reading things correctly, in S/MIME, the message is encrypted using a sender-generated symmetric key. In turn, the symmetric key is encrypted using the receiver’s public key.

If the receiver changed their private key, they would no longer be able to decrypt the message. However, I was wondering if it was possible to recover the symmetric key from when the email was previously opened?

My guess would be that the email client does not intentionally store the key since that would present a security risk. Just wanted to see if that actually occurs or if there’s something I’m missing.

One Answer

The general and normal solution, as commented, is that the recipient retains old private keys to decrypt old messages, even though the corresponding public keys have expired (or even been revoked). In fact in some organizational settings the private keys used for decryption are backed up by the organization so that email can still be read if the individual(s) to whom it was sent leave(s) or die(s). (In tech this is sometimes called a 'bus factor' -- if an employee with key information and/or abilities is hit by a bus and killed, can the organization continue operating without them?) In contrast private keys used for signing are not subject to this requirement; if a person leaves, the new person should publish a new signing key which recipient(s) accept as valid, but should not be able to make it appear the old person signed something they actually didn't. BTW these approaches apply to both PGP and S/MIME, although the method of publishing a new key differs somewhat.

GnuPG (one implementation of PGP) has a feature intended for a slightly different case: see --show-session-key et seq in . The idea is that if you are forced to disclose some of your email -- for example in a lawsuit -- instead of giving the private key that allows decryption of all your (past) messages you can give the DEK(s) for a specific message(s).

Answered by dave_thompson_085 on January 6, 2022
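
The scheme discussed above, as an added example that is not part of the original question or answer and is not GnuPG's or any mail client's code: a per-message session key is wrapped under the recipient's public key, so a retained old private key still opens old mail after rotation, and a disclosed session key opens only its own message. The primitives are toy stand-ins chosen so the sketch runs on the Python standard library alone, and every function name here is hypothetical.

```python
import hashlib, hmac, secrets

# Toy primitives, NOT secure: textbook RSA over fixed Mersenne primes stands in
# for the public-key wrap, a SHA-256 keystream plus HMAC for the symmetric cipher.
def keypair(a, b, e=65537):
    p, q = 2**a - 1, 2**b - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _stream(key, data):
    pad = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, pad))

def encrypt(pub, plaintext):
    n, e = pub
    sk = secrets.token_bytes(32)              # fresh session key for this message
    body = _stream(sk, plaintext)
    # Only the wrapped session key travels with the message; sk is then discarded.
    return {"wrapped": pow(int.from_bytes(sk, "big"), e, n), "body": body,
            "tag": hmac.new(sk, body, "sha256").digest()}

def recover_session_key(priv, msg):
    n, d = priv
    k = pow(msg["wrapped"], d, n)             # unwrap with the private key
    return k.to_bytes(32, "big") if k < 2**256 else None

def decrypt_with_session_key(sk, msg):
    tag = hmac.new(sk, msg["body"], "sha256").digest()
    return _stream(sk, msg["body"]) if hmac.compare_digest(tag, msg["tag"]) else None

def decrypt(priv, msg):
    sk = recover_session_key(priv, msg)
    return decrypt_with_session_key(sk, msg) if sk else None

if __name__ == "__main__":
    old_pub, old_priv = keypair(521, 607)     # key in use when the mail arrived
    new_pub, new_priv = keypair(1279, 2203)   # replacement key after rotation
    m1 = encrypt(old_pub, b"Q3 figures attached")      # constructed messages
    m2 = encrypt(old_pub, b"unrelated private note")
    print(decrypt(new_priv, m1))              # None: new key cannot unwrap old mail
    print(decrypt(old_priv, m1))              # retained old key still works
    sk1 = recover_session_key(old_priv, m1)   # disclose this instead of old_priv
    print(decrypt_with_session_key(sk1, m1))  # opens m1 ...
    print(decrypt_with_session_key(sk1, m2))  # ... but not m2 (None)
```

Because the wrapped session key stays inside the stored message, the client has no need to cache it: anyone holding the matching private key can recover it again at any time.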
