Question about encrypt_to_keys with AES

[developerx-official]

I'm trying to encrypt data with public keys, using rsa/ecdh, so I was looking at the function encrypt_to_keys, and I noticed that it uses a symmetric algorithm.

I'm using AES256 currently, but does that mean that anyone with the public key passed into the function will be able to decrypt as well?

I tried the openpgp rsa encryption test and had issues running it, so I'm trying using this example as a base.

If I'm going about this wrong, then my apologies I must have misread the documentation. Any help you can offer I would greatly appreciate.

[dignifiedquire]

PGP in general uses both public/private key based and symmetric encryption. The rough outline is

• generate a small shared secret
• encrypt the actual content symmetrically with the shared secret
• encrypt the shared secret to the recipients using public/private crypto
• send over the encrypted secret and the encrypted content

So when using pgp you will always have a choice for both pieces. The encrypt_to_keys method will under the hood do roughly the above, inferring the algorithms for public key crypto, based on the passed in keys.

[developerx-official]

Thanks for the response! I very much appreciate the information :)
Just to make sure I understand, would the following be secure over an open channel?

pub fn encrypt(msg: &str, pubkey_str: &str) -> Result<String, anyhow::Error> {
    let (pubkey, _) = SignedPublicKey::from_string(pubkey_str)?;
    let msg = composed::message::Message::new_literal("none", msg);
    let mut rng = StdRng::from_entropy();
    let new_msg = msg.encrypt_to_keys(
        &mut rng,
        crypto::sym::SymmetricKeyAlgorithm::AES256,
        &[&pubkey],
    )?;
    Ok(new_msg.to_armored_string(None)?)
}