From 1152dc20202a6d292b49366d03728a15e6e217fb Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sun, 19 Nov 2023 15:16:12 +0100 Subject: [PATCH] write ch10 --- book/source/10-encryption.md | 39 +++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/book/source/10-encryption.md b/book/source/10-encryption.md index 250dd1c..9ca7a55 100644 --- a/book/source/10-encryption.md +++ b/book/source/10-encryption.md @@ -10,25 +10,46 @@ SPDX-License-Identifier: CC-BY-SA-4.0 ## High-Level overview of the message encryption process -Encryption in OpenPGP uses a [hybrid cryptosystem](hybrid_cryptosystems). +OpenPGP uses a [hybrid cryptosystem](hybrid_cryptosystems). Encryption is performed in two distinct steps: -This means that two distinct steps are performed: - -- Encryption of the plaintext with a (secret) symmetric key, the *message key*. The (potentially large) payload only needs to be stored once: all recipients can decrypt the same symmetrically encrypted ciphertext, using this single message key. -- This symmetric message key is then stored in encrypted form, possibly multiple times, once for each recipient. - - Usually, the symmetric key is encrypted to a public encryption component key of the recipient. +- The plaintext is encrypted with a (secret) symmetric key, the [*message key*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-confidentiality-via-encrypt). The (potentially large) payload only needs to be stored once in its encrypted form, even if it is encrypted to multiple recipients. +- For each recipient of the message, a packet with information about the message key is generated. + - Usually, the information that allows retrieval of the message key is encrypted to a public encryption component key of the recipient. - Alternatively - or additionally - the secret symmetric key may also be encrypted using a passphrase, in place of an asymmetric key. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates. ## Generations of encryption There are two generations of OpenPGP's encryption mechanism that the RFC allows for producing new encrypted messages, see [Packet Versions in Encrypted Messages](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.3.2.1). +The main difference between these two generations lies in the symmetric part of the mechanism, abbreviated as "SEIPD", for *Symmetrically Encrypted and Integrity Protected Data*. + +Older encryption mechanisms existed in OpenPGP, but those must not be used for encryption anymore. More information about these legacy encryption mechanisms can be found in the [decryption](decryption_chapter) chapter. + (SEIPDv2)= -### SEIPD w/ AEAD (v2) +### v2 SEIPD, based on AEAD -New in OpenPGP version 6. +This mechanism is new in OpenPGP version 6, and only supported by OpenPGP version 6 implementations. Consequently, ut can only be used when all recipients support OpenPGP version 6. -### SEIPD (v1) +v2 SEIPD can only be combined with either v6 PKESK or v6 SKESK. + +### v1 SEIPD, based on MDC + +This mechanism is supported by modern OpenPGP version 4 implementations. It was introduced in [RFC 4880](https://www.rfc-editor.org/rfc/rfc4880.html#section-5.13). + +It can only be combined with either v4 PKESK or v3 SKESK. + +When communicating with a mix of recipients, some of whose OpenPGP software only supports OpenPGP version 4, then this mechanism must be used. + +## Symmetric encryption, SEIPD + +This symmetric aspect of OpenPGP's encryption is entirely independent of OpenPGP keys. It only deals with symmetric keys (*session keys* and *message keys*) + +## Handling session keys with "ESK" + +This is a family of mechanisms for dealing with symmetric key material. It has two branches: + +- one that deals with asymmetric OpenPGP key material, and +- (a less commonly used) one that doesn't use OpenPGP asymmetric key material, but instead uses passphrases to protect the symmetric key material. ## Advanced topics