Hybrid cryptography

Hybrid cryptography is a cryptographic method that uses both symmetric and asymmetric encryption. It uses public key encryption to share a key for symmetric encryption. The message that is currently being sent is encrypted using its own private key, then the encrypted message is sent to the recipient. Since sharing a symmetric key is not secure, it is different for each session.

Example

Both PGP and GnuPG use hybrid encryption systems. The session key (symmetric key) is encrypted with the recipient's public key, and the outgoing message is encrypted with the symmetric key, all automatically combined into a single packet. The recipient uses his private key to decrypt the session key (symmetric key) and then uses this to decrypt the message.

A hybrid encryption system is no stronger than the asymmetric encryption or symmetric encryption it uses, regardless of which is weaker. In PGP and GnuPG the symmetric key system is probably the weakest part of the combination. However, if an attacker could crack a session key, it would only be useful to read a message encrypted with that session key. The attacker would have to start over and decrypt another session key in order to read any other messages.