GIAC Security Essentials Certification (GSEC) — Question 11
Which of the following choices accurately describes how PGP works when encrypting email?
Answer options
- A. PGP encrypts the message with the recipient's public key, then encrypts this key with a random asymmetric key.
- B. PGP creates a random asymmetric key that it uses to encrypt the message, then encrypts this key with the recipient's public key.
- C. PGP creates a random symmetric key that it uses to encrypt the message, then encrypts this key with the recipient's public key
- D. PGP encrypts the message with the recipient's public key, then encrypts this key with a random symmetric key.
Correct answer: C
Explanation
The correct answer is C because PGP uses a random symmetric key to encrypt the actual message for efficiency, and then encrypts that symmetric key with the recipient's public key so that only the intended recipient, who holds the matching private key, can decrypt it. Option A is incorrect because it mentions using a random asymmetric key, which is not part of the PGP process. Option B incorrectly states that a random asymmetric key is created to encrypt the message. Option D mistakenly suggests that the message is encrypted with the public key, which is not how PGP operates.