vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-09 11:19:41 +02:00
Code Issues Projects Releases Packages Wiki Activity

Change topic titles and move direct-method into own subsubsection

Browse source
This commit is contained in:
Paul Schaub 2023-12-08 16:33:03 +01:00
parent e7cb1e9bfe
commit 2543f32e40
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
1 changed files with 14 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

22
book/source/11-decryption.md
View file

@ -31,16 +31,16 @@ Once any of these methods succeeded, the resulting *session-key* is used to decr
- using revoked subkey?
```
## Symmetric decryption of the session-key (SKESK)
## Password-protected session-key (SKESK)
Decrypting a SKESK packet to recover the *session-key* is done by performing the encryption steps in reverse, based on a user-provided passphrase.
In both version 4 and version 6 of the SKESK packet, the user is prompted to enter a passphrase, which is passed through the S2K function described by the SKESK packet.
However, the subsequent steps of the procedure are different:
However, the subsequent steps of the procedure are different, as described in the following sections.
### SKESK v4
Here, the result of the S2K function is a symmetric key, which is either used to decrypt the encrypted session-key contained in the SKESK packet, or - less commonly - used as session-key directly.
Here, the result of the S2K function is a symmetric key, which is either used to decrypt the encrypted session-key contained in the SKESK packet, or - less commonly - used as session-key directly (see [](decryption-skesk4-direct-method)).
```{note}
@ -55,11 +55,18 @@ Decrypting the session-key from a version 4 SKESK packet.
```
With version 4 SKESK packets, which are only used with version 1 SEIPD packets, the *session-key* is used as *message-key* without an intermediate derivation.
When the direct method is used, meaning no encrypted session-key was contained in the SKESK packet, the symmetric cipher algorithm ID of the SKESK packet dictates the cipher algorithm used to decrypt the plaintext from the SEIPD packet.
(decryption-skesk4-direct-method)=
#### Direct-Method
In version 4 of the SKESK packet, the encrypted session-key is optional. A missing encrypted session-key signals the use of the "direct-method", which means, the result of passing the passphrase through the S2K function is directly used as the session-key/message-key.
When the direct method is used, the symmetric cipher algorithm ID of the SKESK packet dictates the cipher algorithm used to decrypt the plaintext from the SEIPD packet.
Otherwise, the cipher algorithm ID to decrypt the SEIPD packet was prefixed to the decrypted session key.
Sanitizing this first byte acts as a very early quick check to verify that the used passphrase was correct. For further validation of the session-key, see [](decryption_seipd_quick_check).
Sanitizing this algorithm ID of the decrypted session-key acts as a very early quick check to verify that the used passphrase was correct. For further validation of the session-key, see [](decryption_seipd_quick_check).
### SKESK v6
@ -79,10 +86,9 @@ The result is the *session-key*.
Decrypting the session-key from a version 6 SKESK packet.
```
## Asymmetric decryption of the session key via PKESK
## Key-protected session key (PKESK)
More common than SKESK packets are PKESK packets which are used for asymmetric encryption of the session-key.
Here, the recipients secret key is used to decrypt the session-key.
More common than SKESK packets are PKESK packets which are used to protect the session-key using an encryption key of the recipient.
### PKESK v3