write ch10

book/source/10-encryption.md

@@ -10,25 +10,46 @@ SPDX-License-Identifier: CC-BY-SA-4.0
 
 ## High-Level overview of the message encryption process
 
-Encryption in OpenPGP uses a [hybrid cryptosystem](hybrid_cryptosystems).
+OpenPGP uses a [hybrid cryptosystem](hybrid_cryptosystems). Encryption is performed in two distinct steps:
 
-This means that two distinct steps are performed:
-
-- Encryption of the plaintext with a (secret) symmetric key, the *message key*. The (potentially large) payload only needs to be stored once: all recipients can decrypt the same symmetrically encrypted ciphertext, using this single message key.
-- This symmetric message key is then stored in encrypted form, possibly multiple times, once for each recipient.
-  - Usually, the symmetric key is encrypted to a public encryption component key of the recipient.
+- The plaintext is encrypted with a (secret) symmetric key, the [*message key*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-confidentiality-via-encrypt). The (potentially large) payload only needs to be stored once in its encrypted form, even if it is encrypted to multiple recipients.
+- For each recipient of the message, a packet with information about the message key is generated.
+  - Usually, the information that allows retrieval of the message key is encrypted to a public encryption component key of the recipient.
   - Alternatively - or additionally - the secret symmetric key may also be encrypted using a passphrase, in place of an asymmetric key. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates.
 
 ## Generations of encryption
 
 There are two generations of OpenPGP's encryption mechanism that the RFC allows for producing new encrypted messages, see [Packet Versions in Encrypted Messages](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.3.2.1).
 
+The main difference between these two generations lies in the symmetric part of the mechanism, abbreviated as "SEIPD", for *Symmetrically Encrypted and Integrity Protected Data*.
+
+Older encryption mechanisms existed in OpenPGP, but those must not be used for encryption anymore. More information about these legacy encryption mechanisms can be found in the [decryption](decryption_chapter) chapter.
+
 (SEIPDv2)=
-### SEIPD w/ AEAD (v2)
+### v2 SEIPD, based on AEAD
 
-New in OpenPGP version 6.
+This mechanism is new in OpenPGP version 6, and only supported by OpenPGP version 6 implementations. Consequently, ut can only be used when all recipients support OpenPGP version 6.
 
-### SEIPD (v1)
+v2 SEIPD can only be combined with either v6 PKESK or v6 SKESK.
+
+### v1 SEIPD, based on MDC
+
+This mechanism is supported by modern OpenPGP version 4 implementations. It was introduced in [RFC 4880](https://www.rfc-editor.org/rfc/rfc4880.html#section-5.13).
+
+It can only be combined with either v4 PKESK or v3 SKESK.
+
+When communicating with a mix of recipients, some of whose OpenPGP software only supports OpenPGP version 4, then this mechanism must be used.
+
+## Symmetric encryption, SEIPD
+
+This symmetric aspect of OpenPGP's encryption is entirely independent of OpenPGP keys. It only deals with symmetric keys (*session keys* and *message keys*)
+
+## Handling session keys with "ESK"
+
+This is a family of mechanisms for dealing with symmetric key material. It has two branches:
+
+- one that deals with asymmetric OpenPGP key material, and
+- (a less commonly used) one that doesn't use OpenPGP asymmetric key material, but instead uses passphrases to protect the symmetric key material.
 
 ## Advanced topics