
Recently, I have a need to encrypt a few large files. I have the option to use the OpenSSL command line utility, however I prefer to use GnuPG.

  1. How does GnuPG work under the hood with the --encrypt option? Does it generate a symmetric key first, then encrypt it with the public key? Or is it only asymmetric encryption, which is heavy on performance?

  2. If it's generating a symmetric key first, which then gets encrypted using the public key later (asymmetric), what algorithm does it use to encrypt data symmetrically?

The encryption method I'm asking about (symmetric + asymmetric encryption) is sometimes referred to as "hybrid encryption" or "use of a session key".

I haven't found such information anywhere and digging through code is a pain.

Jens Erat
Mike Cors

2 Answers


OpenPGP always applies hybrid encryption (no matter how small the file/message is), thus encrypts the message using symmetric encryption and a session key, which again is encrypted using one or more public keys and asymmetric cryptography (once for each recipient). In fact, also symmetric encryption might be used again for the session key, if you also add a passphrase (you can encrypt combining a passphrase and public keys at the same time, such that either a passphrase or the matching private key can decrypt the message).

The (very simplified) structure of an OpenPGP message is more or less

There is no difference between encrypting files and messages in OpenPGP, maybe apart from messages not having a filename attached. The packets and algorithms used are exactly the same ones.

Discussing the algorithms used is a little bit more complicated and depends on the version of GnuPG, preferences set on the computer encrypting and preferences set by the recipient's key owner. The easy way to determine what's used is to run gpg --list-packets, which provides the full packet structure (reading RFC 4880 helps with understanding the output, and you will learn a lot about how OpenPGP works behind the scenes); often adding one or two -v options is sufficient and provides easier to read and understand textual output.

Jens Erat

This is "hybrid encryption".

The file format is called "OpenPGP" and is described in RFC 4880. It's a structure with sub-elements called "packets". Bulk data encryption uses symmetric encryption, while the symmetric key would itself be encrypted with the recipient's asymmetric public key (RSA, ElGamal...) in a public-key encrypted session key packet.

This scheme allows for efficient encryption with several recipients: the data is encrypted once with a symmetric key, and that key is encrypted with each recipient's public key.

Thomas Pornin
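The packet layout both answers describe (one public-key encrypted session key packet per recipient, optionally a passphrase-based one, then the encrypted data) can be seen by walking the RFC 4880 packet headers yourself. The following is an added example, not code from either answer or from GnuPG: a minimal packet walker in the spirit of gpg --list-packets, run over a hand-constructed message whose key IDs, MPIs and body bytes are dummy sample values (it does not handle partial or indeterminate body lengths).

```python
# Packet tags (RFC 4880 section 4.3) and algorithm IDs (section 9) used below
TAG_NAMES = {1: "Public-Key Encrypted Session Key", 3: "Symmetric-Key Encrypted Session Key",
             9: "Symmetrically Encrypted Data", 18: "Sym. Encrypted and Integrity Protected Data"}
PK_ALGOS = {1: "RSA", 16: "ElGamal", 18: "ECDH"}
SYM_ALGOS = {7: "AES-128", 8: "AES-192", 9: "AES-256"}

def parse_packets(data: bytes):
    """Return a list of (tag, body) for each packet, handling old- and new-format headers."""
    pos, packets = 0, []
    while pos < len(data):
        b = data[pos]; pos += 1
        if not b & 0x80: raise ValueError("bit 7 must be set in a packet header")
        if b & 0x40:                        # new format: tag in the low 6 bits
            tag, l1 = b & 0x3F, data[pos]; pos += 1
            if l1 < 192:                    # one-octet body length
                length = l1
            elif l1 < 224:                  # two-octet body length
                length = ((l1 - 192) << 8) + data[pos] + 192; pos += 1
            else:                           # 255 = five-octet, 224..254 = partial lengths
                raise ValueError("five-octet and partial body lengths not handled in this example")
        else:                               # old format: tag in bits 2-5, length type in bits 0-1
            tag, ltype = (b >> 2) & 0x0F, b & 0x03
            if ltype == 3: raise ValueError("indeterminate length not handled in this example")
            n = 1 << ltype                  # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos:pos + n], "big"); pos += n
        packets.append((tag, data[pos:pos + length])); pos += length
    return packets

def describe(data: bytes):
    """One line per packet, like a stripped-down `gpg --list-packets`."""
    lines = []
    for tag, body in parse_packets(data):
        line = f"tag {tag}: {TAG_NAMES.get(tag, 'other')}"
        if tag == 1:    # version(1) | recipient key ID(8) | pk algorithm(1) | encrypted session key MPI(s)
            line += f" keyid {body[1:9].hex().upper()} algo {PK_ALGOS.get(body[9], body[9])}"
        elif tag == 3:  # version(1) | sym algorithm(1) | S2K specifier | optional encrypted session key
            line += f" cipher {SYM_ALGOS.get(body[1], body[1])}"
        lines.append(line)
    return lines

def new_packet(tag: int, body: bytes) -> bytes:
    """Build a new-format packet with a one- or two-octet body length (body < 8384 bytes)."""
    n = len(body)
    hdr = bytes([n]) if n < 192 else bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    return bytes([0xC0 | tag]) + hdr + body
# Constructed sample: two recipients (RSA, ElGamal) plus a passphrase (AES-256, iterated S2K) all
# wrapping the same session key, followed by a version-1 SEIPD packet holding dummy bulk data.
SAMPLE = (new_packet(1, b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01" + b"\x00\x08\xAB")
          + new_packet(1, b"\x03" + bytes.fromhex("FEDCBA9876543210") + b"\x10" + b"\x00\x08\xCD")
          + bytes([0x80 | (3 << 2), 13]) + b"\x04\x09\x03\x08" + b"\x00" * 8 + b"\x60"  # old-format SKESK
          + new_packet(18, b"\x01" + b"\x00" * 299))                                     # 300-byte body
```

Running `print("\n".join(describe(SAMPLE)))` lists the two recipient key IDs, the passphrase packet and the encrypted data packet in order; the same walk over real gpg output would additionally reveal the compression and literal data packets nested inside the decrypted SEIPD body.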