Encryption keys for data encryption and integrity checks are exchanged as a part of the PGP authentication stage.
The client and server will take advantage of a strong random number generator in for instance the server, by XOR'ing the session keys if mutual authentication is performed. If only one-way authentication is performed, the keys sent in the authentication message are used. By not sending encryption keys in both directions, only one of the parties have to do the processor intensive public-key encryption.
Since the normal authentication procedure is one-way client to server authentication, the client must usually be able to generate strong session-keys. Equipping the server with a hardware random number generator will not pay off, unless mutual authentication is performed.
The session keys should be stored in a memory area which is common for all authentication types. This will make the encryption and integrity options independent of the authentication method used, as session keys will always be available when authentication has been performed.
RFC 1416, and hence the PGP authentication option, does not allow
for negotiation of a specific type of session key
,
depending on the encryption type selected. This is a weak point if new
encryption types which require special keys are invented.