From 2543f32e4083bc5d4cf026ca972204421c6c3282 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 8 Dec 2023 16:33:03 +0100 Subject: [PATCH] Change topic titles and move direct-method into own subsubsection --- book/source/11-decryption.md | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/book/source/11-decryption.md b/book/source/11-decryption.md index 88d7099..7eb7034 100644 --- a/book/source/11-decryption.md +++ b/book/source/11-decryption.md @@ -31,16 +31,16 @@ Once any of these methods succeeded, the resulting *session-key* is used to decr - using revoked subkey? ``` -## Symmetric decryption of the session-key (SKESK) +## Password-protected session-key (SKESK) Decrypting a SKESK packet to recover the *session-key* is done by performing the encryption steps in reverse, based on a user-provided passphrase. In both version 4 and version 6 of the SKESK packet, the user is prompted to enter a passphrase, which is passed through the S2K function described by the SKESK packet. -However, the subsequent steps of the procedure are different: +However, the subsequent steps of the procedure are different, as described in the following sections. ### SKESK v4 -Here, the result of the S2K function is a symmetric key, which is either used to decrypt the encrypted session-key contained in the SKESK packet, or - less commonly - used as session-key directly. +Here, the result of the S2K function is a symmetric key, which is either used to decrypt the encrypted session-key contained in the SKESK packet, or - less commonly - used as session-key directly (see [](decryption-skesk4-direct-method)). ```{note} 
@@ -55,11 +55,18 @@ Decrypting the session-key from a version 4 SKESK packet. ``` With version 4 SKESK packets, which are only used with version 1 SEIPD packets, the *session-key* is used as *message-key* without an intermediate derivation. -When the direct method is used, meaning no encrypted session-key was contained in the SKESK packet, the symmetric cipher algorithm ID of the SKESK packet dictates the cipher algorithm used to decrypt the plaintext from the SEIPD packet. + +(decryption-skesk4-direct-method)= +#### Direct-Method + +In version 4 of the SKESK packet, the encrypted session-key is optional. A missing encrypted session-key signals the use of the "direct-method", which means, the result of passing the passphrase through the S2K function is directly used as the session-key/message-key. + +When the direct method is used, the symmetric cipher algorithm ID of the SKESK packet dictates the cipher algorithm used to decrypt the plaintext from the SEIPD packet. Otherwise, the cipher algorithm ID to decrypt the SEIPD packet was prefixed to the decrypted session key. -Sanitizing this first byte acts as a very early quick check to verify that the used passphrase was correct. For further validation of the session-key, see [](decryption_seipd_quick_check). +Sanitizing this algorithm ID of the decrypted session-key acts as a very early quick check to verify that the used passphrase was correct. For further validation of the session-key, see [](decryption_seipd_quick_check). + ### SKESK v6 
@@ -79,10 +86,9 @@ The result is the *session-key*. Decrypting the session-key from a version 6 SKESK packet. ``` -## Asymmetric decryption of the session key via PKESK +## Key-protected session key (PKESK) -More common than SKESK packets are PKESK packets which are used for asymmetric encryption of the session-key. -Here, the recipients secret key is used to decrypt the session-key. +More common than SKESK packets are PKESK packets which are used to protect the session-key using an encryption key of the recipient. ### PKESK v3
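Review bot: in the first hunk (@@ -31,16 +31,16), the cross-reference target added to the SKESK v4 paragraph, `decryption-skesk4-direct-method`, is hyphenated, while the label this file already references, `decryption_seipd_quick_check`, uses underscores. Suggest naming the new label `decryption_skesk4_direct_method`, both here and at its definition in the following hunk, so that the labels in this chapter follow one convention.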
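Review bot: in the second hunk (@@ -55,11 +55,18), the paragraph beginning "Otherwise, the cipher algorithm ID to decrypt the SEIPD packet was prefixed to the decrypted session key." and the quick-check paragraph after it now sit under the new "#### Direct-Method" heading, although both describe the case where an encrypted session-key is present. Suggest moving them above the `(decryption-skesk4-direct-method)=` label, or rewording "Otherwise" so that it names that case explicitly. Two wording nits in the added lines: "Sanitizing this algorithm ID" reads as if the value is modified, where "Checking" seems to be meant, given that the sentence calls it a quick check; and the comma in "which means, the result" can be dropped.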
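Review bot: in the third hunk (@@ -79,10 +86,9), removing "Here, the recipients secret key is used to decrypt the session-key." leaves the PKESK introduction without any statement of which key performs the decryption; the replacement line only says the session-key is protected "using an encryption key of the recipient". Since this file is the decryption chapter, suggest keeping a sentence stating that the recipient's secret key decrypts the session-key. The new heading also writes "session key" without a hyphen, while the SKESK heading changed in the first hunk uses "session-key"; one spelling across both headings would be more consistent.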