From 01739af17ce409b705dae6649445d1bafed01ad3 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sat, 18 Nov 2023 23:13:09 +0100 Subject: [PATCH] write ch10 --- book/source/10-encryption.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/book/source/10-encryption.md b/book/source/10-encryption.md index 843ec89..250dd1c 100644 --- a/book/source/10-encryption.md +++ b/book/source/10-encryption.md @@ -14,8 +14,8 @@ Encryption in OpenPGP uses a [hybrid cryptosystem](hybrid_cryptosystems). This means that two distinct steps are performed: -- Encryption of the plaintext with a (secret) symmetric key. The (potentially large) payload only needs to be stored once: all recipients use the same symmetric key, and all of them can decrypt the same symmetrically encrypted ciphertext. -- This symmetric key is then stored in encrypted form, possibly multiple time, once for each recipient. +- Encryption of the plaintext with a (secret) symmetric key, the *message key*. The (potentially large) payload only needs to be stored once: all recipients can decrypt the same symmetrically encrypted ciphertext, using this single message key. +- This symmetric message key is then stored in encrypted form, possibly multiple times, once for each recipient. - Usually, the symmetric key is encrypted to a public encryption component key of the recipient. - Alternatively - or additionally - the secret symmetric key may also be encrypted using a passphrase, in place of an asymmetric key. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates.
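Review bot: The two sub-bullets kept as unchanged context at the end of this hunk still say "the symmetric key" and "the secret symmetric key", so the term *message key* introduced in the first changed bullet is dropped again two lines later. Suggest carrying the term through, e.g. "Usually, the message key is encrypted to a public encryption component key of the recipient" and "the message key may also be encrypted using a passphrase", so a reader does not wonder whether a second key is meant. Separately, the subject "write ch10" does not describe a two-line wording change in `book/source/10-encryption.md`; a subject that names the terminology change would make the history easier to search.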