Understanding session keys and data encryption

Encryption Facility for OpenPGP encrypts data using a randomly-generated session key and a symmetric encryption algorithm (such as TDES or AES). It encrypts the session key and includes it with the encrypted data. The receiving application can decrypt the session key and, in turn, decrypt the data.

Two kinds of session key encryption are available in Encryption Facility for OpenPGP: public-key encryption and passphrase-based encryption (PBE).

Encryption Facility for OpenPGP can package an OpenPGP message so that multiple trusted partners can securely exchange data. It generates one random symmetric session key to encrypt the data to be exchanged. With public-key encryption, it then encrypts that session key with the public key of each trusted partner; with PBE, it encrypts the session key with a shared passphrase.

When unpacking an OpenPGP message, Encryption Facility for OpenPGP searches its key repositories for the key that matches the public key used to encrypt the session key. The OpenPGP standard defines a quick check that lets Encryption Facility for OpenPGP determine whether its key can decrypt the packaged data. If this check succeeds, Encryption Facility for OpenPGP decrypts the data and, if necessary, validates the signature and the modification detection code of the data.
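The packaging and unpacking flow described above, as an added example in Go; it is not part of Encryption Facility for OpenPGP or its documentation. It uses AES-256-GCM for the data, RSA-OAEP for the public-key wraps of the session key, and a salted, iterated SHA-256 derivation for the passphrase wrap. These are assumed stand-ins chosen for the illustration, not the OpenPGP packet formats, and the type and function names (Message, Pack, UnpackWithKey, UnpackWithPassphrase) are constructed for the example. One random session key encrypts the data once; the key is then wrapped once per recipient and once under the passphrase, and a receiver needs only one of those wraps to succeed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Message models an OpenPGP-style package: data encrypted under one random session
// key, plus that key wrapped per recipient public key and, optionally, under PBE.
type Message struct {
	WrappedForKeys [][]byte // session key under RSA-OAEP, one entry per recipient
	WrappedForPass []byte   // nonce || AES-GCM(session key) under the passphrase key; nil if unused
	Salt           []byte   // salt for the passphrase-derived key
	Nonce          []byte   // AES-GCM nonce for the data
	Ciphertext     []byte   // AES-GCM output for the data (ciphertext || tag)
}

var oaepLabel = []byte("session-key") // constructed label binding each wrap to its purpose

// randBytes returns n CSPRNG bytes; rand.Read fails only if the OS generator is broken.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// gcm builds AES-256-GCM; a 32-byte key cannot be rejected here.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // never fails for an AES block cipher
	return aead
}

// deriveKEK stretches a passphrase into a 256-bit key-encryption key with salted,
// iterated SHA-256: a constructed stand-in for OpenPGP's string-to-key, not S2K itself.
func deriveKEK(passphrase, salt []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), passphrase...))
	for i := 0; i < 100000; i++ {
		h = sha256.Sum256(append(append([]byte{}, h[:]...), salt...))
	}
	return h[:]
}

// Pack generates one random session key, encrypts the data with it, then wraps the
// session key for every recipient public key and, if passphrase != nil, under PBE.
func Pack(plaintext []byte, recipients []*rsa.PublicKey, passphrase []byte) (*Message, error) {
	sessionKey := randBytes(32)
	msg := &Message{Nonce: randBytes(12)}
	msg.Ciphertext = gcm(sessionKey).Seal(nil, msg.Nonce, plaintext, nil)
	for _, pub := range recipients {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, oaepLabel)
		if err != nil {
			return nil, err
		}
		msg.WrappedForKeys = append(msg.WrappedForKeys, w)
	}
	if passphrase != nil {
		msg.Salt = randBytes(16)
		nonce := randBytes(12)
		msg.WrappedForPass = gcm(deriveKEK(passphrase, msg.Salt)).Seal(append([]byte{}, nonce...), nonce, sessionKey, nil)
	}
	return msg, nil
}

// UnpackWithKey tries each wrapped session key against priv. OAEP decryption fails for
// wraps made to other keys, so the receiver knows whether its key applies before it
// touches the bulk data (the role the OpenPGP quick check plays in the real format).
func UnpackWithKey(msg *Message, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range msg.WrappedForKeys {
		sk, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, oaepLabel)
		if err != nil {
			continue // not encrypted to this key
		}
		return gcm(sk).Open(nil, msg.Nonce, msg.Ciphertext, nil)
	}
	return nil, errors.New("no session key in this message is encrypted to the supplied key")
}

// UnpackWithPassphrase recovers the session key from the PBE wrap, then the data.
func UnpackWithPassphrase(msg *Message, passphrase []byte) ([]byte, error) {
	if msg.WrappedForPass == nil {
		return nil, errors.New("message carries no passphrase-encrypted session key")
	}
	kek := deriveKEK(passphrase, msg.Salt)
	sk, err := gcm(kek).Open(nil, msg.WrappedForPass[:12], msg.WrappedForPass[12:], nil)
	if err != nil {
		return nil, errors.New("passphrase does not unlock this message")
	}
	return gcm(sk).Open(nil, msg.Nonce, msg.Ciphertext, nil)
}
```

UnpackWithKey walks the wrapped session keys and skips those whose OAEP check fails, which mirrors the search over key repositories; a message packed without a passphrase refuses UnpackWithPassphrase outright, and any change to the ciphertext fails the GCM tag, which is the role the modification detection code plays in OpenPGP.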