When you decrypt a personal file from another sender, do you decrypt that file with your own private key or is it a symmetric key?
I've been searching for it on the net for a while, but it's very confusing: one website says 'with the private key', another one says 'with a symmetric key'.
Generally, OpenPGP uses a hybrid approach: the message itself is encrypted with a symmetric encryption algorithm like AES and a distinct session key (a large random number individually created for each encrypted message), and then the session key is encrypted using public/private key cryptography. This combines the advantages of both concepts: symmetric encryption is very fast, while public/private key cryptography enables advanced key management functionality (ie., having split public and private keys).
So while technically the file is encrypted with symmetric cryptography, this is not directly visible to the user. It is not totally wrong if you say the file is encrypted through public/private key encryption, as the session key is not accessible without the private key.
OpenPGP also allows plain symmetric encryption, where the session key is derived from a passphrase without any public/private key cryptography.
For Open PGP and email Encryption in general, a hybrid approach is used. The reason for using a hybrid approach is that asymmetric encryption is computationally expensive and has some proven weakness with large amount of content. So the approach is as follows.
Only the recipient can decrypt and obtain the AES key as the same was encrypted using public key of the recipient. The recipient can then use the AES key to decrypt the cyphertext.
