File encryption software: public key and private key

Security of the cGeep file encryption software is assured by the public key architecture^* implemented by our technical team. With this type of architecture of file encryption, every user has a key pair with the following characteristic: something encrypted by one of the pair can only be decrypted by the other part of the pair. With cGeep and the OpenPGP standard, you, as the user, generate your own key pair when you activate your account:

your public key, accessible to all other users. This allows you to encrypt messages as required.

Your private key, of which you are the sole owner and user. This is kept confidential. It allows you to decrypt encrypted messages that have been sent to you.

This type of architecture file encryption lets you encrypt data and send it to someone without needing to share a secret (such as a password or combination of words).

The technology used by cGeep file encryption software is currently the most straightforward and secure way of securing email exchanges and of assuring confidentiality of documents and messages.

*: Public Key Infrastructure (PKI)


Public key	Private key

File encryption software: protecting the private key

Only the user is able to access and use his private key.
To this end, from the moment it is generated, the private key is protected by a passphrase (a long password) which the user chooses, and is the only person to know it.

The passphrase means that the private key can be encrypted so that it cannot be used by anyone else.


Protecting the private key with the aid of a symmetric key derived from the passphrase.

Encrypting a file

The method used in cGeep for file encryption is hybrid encryption.
A symmetric key is generated at random and this is used to encrypt the data. This symmetric key, known as the "session" key because it is used only once, is in turn encrypted, using the recipient's public key.

Encrypting the file

A symmetric session key (128 bits in size) is generated to encrypt the document. It is used once only. This key, which is linked to a symmetric algorithm (AES or Blowfish) makes it possible the file encryption.


Encrypting the file with a single-use symmetric key

Encrypting the symmetric key

The cGeep plug-in for file encryption searches for the recipient's public key on the local workstation and on the cGeep key servers, and uses it to encrypt the session key.


Encrypting the single use symmetric key using the recipient's public key.

Send to recipient

The protected session key and the encrypted document are now added to the email.


Sending the encrypted symmetric key and the encrypted data to the recipient.

Decrypting a file

When the data is decrypted, the sequence is reversed.

Decrypting the symmetric key

The protected session key was sent with the encrypted file. cGeep plug-in decrypts this session key using the recipient's private key.


Decrypting the single use symmetric key using the recipient's private key.

Decrypting the file

cGeep plug-in then uses the session key to decrypt the data.


Decrypting the file with the single-use symmetric key

To summarize:

Data can only be decrypted with the session key.
The session key can only be decoded by the recipient's private key.
The recipient's private key can only be decoded by knowing his passphrase.

In this way the sender and the recipient can both be certain that the data they have exchanged is confidential.

>> RFC OpenPGP
>> How does it work?
>> Free Trial