mirror of
https://codeberg.org/openpgp/notes.git
synced 2025-09-09 11:19:41 +02:00
Edits for clarity
This commit is contained in:
Heiko Schaefer
parent
b24fddf2a9
commit
07c68cd0e3
1 changed files with 14 additions and 10 deletions
|
|
@ -24,10 +24,10 @@ For an in-depth, packet-level view of encrypted data in OpenPGP, see {ref}`zoom_
|
|||
|
||||
Encryption in OpenPGP is performed in two distinct steps:
|
||||
|
||||
1. **Symmetric encryption**: The plaintext is encrypted based on a (secret) symmetric key, the [*session key*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-confidentiality-via-encrypt). The (potentially large) ciphertext only needs to be stored once, even if it is sent to multiple recipients. All recipients get access to the same shared session key to decrypt the message.
|
||||
2. **Session key transmission**: For each recipient of the message, a packet that contains the session key is generated.
|
||||
- Usually, the session key is encrypted to a public encryption component key of the recipient.
|
||||
- Alternatively - or additionally - the session key may also be encrypted using a passphrase. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates.
|
||||
1. **Symmetric encryption**: The plaintext is encrypted based on a (secret) symmetric key, the [*session key*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-confidentiality-via-encrypt). The (potentially large) ciphertext only needs to be stored once, even if it is sent to multiple recipients. All recipients get access to the same shared *session key* to decrypt the message.
|
||||
2. **Session key transmission**: For each recipient of the message, a packet that contains a protected copy of the session key is generated.
|
||||
- Usually, the *session key* is encrypted to a public encryption component key of the recipient.
|
||||
- Alternatively - or additionally - the *session key* may also be encrypted using a passphrase. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates.
|
||||
|
||||
```{note}
|
||||
Above, "plaintext" means one of:
|
||||
|
|
@ -44,25 +44,29 @@ A *signed message*, in turn, is a packet sequence that either
|
|||
|
||||
OpenPGP's encryption mechanisms have evolved over time. The RFC shows an [overview of encryption mechanisms](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.3.2.1), and how they may be combined.
|
||||
|
||||
Two generations of encryption mechanisms are currently relevant in OpenPGP, and will co-exist for the foreseeable future. The main difference between these lies in the symmetric part of the encryption mechanism, represented by versions 1 and 2 of the *Symmetrically Encrypted and Integrity Protected Data* packets (abbreviated as "SEIPD"). The two versions use different mechanisms to provide non-malleability. More on these below.
|
||||
Two generations of encryption mechanisms are currently relevant in OpenPGP, and will co-exist for the foreseeable future.
|
||||
|
||||
Older, legacy encryption mechanisms exist in OpenPGP. However, those must not be used for encryption anymore. Messages encrypted using these legacy mechanisms may still be decrypted, although with caution. For more information see the [decryption](decryption_chapter) chapter.
|
||||
The main difference between these lies in the symmetric part of the encryption mechanism, represented by versions 1 and 2 of the *Symmetrically Encrypted and Integrity Protected Data* packets (abbreviated as "SEIPD"). The two versions use different mechanisms to provide non-malleability. More on these below.
|
||||
|
||||
Older, legacy encryption mechanisms exist in OpenPGP. However, those must not be used for encryption anymore. Messages encrypted using these legacy mechanisms may still be decrypted, although with caution. For more information, see the [decryption](decryption_chapter) chapter.
|
||||
|
||||
SEIPD packets are used in combination with two mechanisms that store *session keys*:
|
||||
|
||||
- [Public-Key Encrypted Session Key](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-public-key-encrypted-sessio) (PKESK) packets and
|
||||
- [Symmetric-Key Encrypted Session Key](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#skesk) (SKESK) packets.
|
||||
|
||||
The typical combination of mechanisms for encryption in OpenPGP is a [hybrid cryptosystem](hybrid_cryptosystems), consisting of one or more [Public-Key Encrypted Session Key](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-public-key-encrypted-sessio) packets (PKESK), followed by a [Symmetrically Encrypted Integrity Protected Data* (SEIPD) packet. In this combination, an asymmetric cryptographic mechanism is used to protect a *session key* inside PKESK packets, which is used to protect the plaintext using symmetric-key encryption in a SEIPD packet.
|
||||
The typical combination of mechanisms for encryption in OpenPGP is a [hybrid cryptosystem](hybrid_cryptosystems), consisting of one or more [Public-Key Encrypted Session Key](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-public-key-encrypted-sessio) packets (PKESK), followed by a [Symmetrically Encrypted Integrity Protected Data](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-symmetrically-encrypted-int) (SEIPD) packet.
|
||||
|
||||
In this combination, an asymmetric cryptographic mechanism is used to protect a *session key* inside PKESK packets. The *session key*, in turn, is used to protect the plaintext using symmetric-key encryption in a SEIPD packet.
|
||||
|
||||
## Encrypted session keys: PKESK, SKESK
|
||||
|
||||
"*ESK" (encrypted session key) packets are a family of mechanisms for securing symmetric key material. There are two branches:
|
||||
Encrypted session key (ESK) packets are a family of two mechanisms for securing symmetric key material:
|
||||
|
||||
- [PKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-public-key-encrypted-sessio): Uses asymmetric OpenPGP key material to protect a session key, and
|
||||
- [SKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-symmetric-key-encrypted-ses): Uses passphrases to protect the symmetric key material, instead of OpenPGP asymmetric key material (this is less commonly used).
|
||||
|
||||
An arbitrary number of PKESKs and SKESKs can be used for the same message. It is also possible to mix those, resulting in a message which can be decrypted using either one of the designated OpenPGP keys or any of the passwords used to encrypt the message. This is useful to make a message available to a number of known recipients, with the option to provide the password to future recipients.
|
||||
An arbitrary number of PKESKs and SKESKs can be used in the same message. It is also possible to mix the two, resulting in a message which can be decrypted using either one of the designated OpenPGP keys or any of the passwords used to encrypt the message. This is useful to make a message available to a number of known recipients, with the option to provide the password to future recipients.
|
||||
|
||||
### PKESK: Session key encrypted to an asymmetric OpenPGP key
|
||||
|
||||
|
|
@ -70,7 +74,7 @@ To encrypt an OpenPGP message for a recipient, the session key is encrypted to t
|
|||
|
||||
This procedure is repeated for each recipient of the message, and all resulting PKESK packets are prepended to the SEIPD packet (see below) containing the actual message.
|
||||
|
||||
Typically, the sender would also include themselves as a recipient, in order to be able to decrypt the sent message at a later point in time.
|
||||
Typically, the sender would also include themselves as a recipient, to be able to decrypt the message with their own key at a later point in time.
|
||||
|
||||
### SKESK: Session key encrypted to a passphrase
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue