normalize styling of terms

book/source/10-encryption.md

@@ -12,13 +12,13 @@ For an in-depth, packet-level view of encrypted data in OpenPGP, see {ref}`zoom_
 
 ## Terminology
 
-| Term | Description |
-|------|-------------|
-| SEIPD Packet | *Symmetrically Encrypted, Integrity Protected Data* packet; contains the encrypted message payload |
-| SKESK Packet | *Symmetric-Key-Encrypted Session-Key* packet; contains or provides a passphrase-encrypted Session-Key |
-| PKESK Packet | *Public-Key-Encrypted Session-Key* packet; contains a session-key encrypted using an asymmetric public-key |
-| Session-Key | Symmetric encryption key, which is either used directly as - or to derive - the Message-Key |
-| Message-Key | Symmetric encryption key used to encrypt the contents of the SEIPD packet |
+| Term         | Description                                                                                                |
+|--------------|------------------------------------------------------------------------------------------------------------|
+| SEIPD Packet | *Symmetrically Encrypted, Integrity Protected Data* packet; contains the encrypted message payload         |
+| SKESK Packet | *Symmetric-Key Encrypted Session Key* packet; contains or provides a passphrase-encrypted session key      |
+| PKESK Packet | *Public-Key Encrypted Session Key* packet; contains a session key encrypted using an asymmetric public key |
+| Session Key  | Symmetric encryption key, which is either used directly as - or to derive - the message key                |
+| Message Key  | Symmetric encryption key used to encrypt the contents of the SEIPD packet                                  |
 
 ## High-Level overview of the message encryption process
 
@@ -57,7 +57,7 @@ The typical combination of mechanisms for encryption in OpenPGP is a [hybrid cry
 
 ## Encapsulating session keys: PKESK, SKESK
 
-"*ESK" (encrypted session-key) packets are a family of mechanisms for encapsulation of symmetric key material. There are two branches:
+"*ESK" (encrypted session key) packets are a family of mechanisms for encapsulation of symmetric key material. There are two branches:
 
 - [PKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-public-key-encrypted-sessio): Uses asymmetric OpenPGP key material to protect a session key, and
 - [SKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-symmetric-key-encrypted-ses): Uses passphrases to protect the symmetric key material, instead of OpenPGP asymmetric key material (this is less commonly used).
@@ -66,7 +66,7 @@ An arbitrary number of PKESKs and SKESKs can be used for the same message. It is
 
 ### PKESK: Session key encrypted to an asymmetric OpenPGP key
 
-To encrypt an OpenPGP message for a recipient, the session-key is encrypted to the recipients public key. The resulting encrypted session key is packed into a PKESK packet, which holds essential metadata, like an identifier of the recipients encryption (sub)-key.
+To encrypt an OpenPGP message for a recipient, the session key is encrypted to the recipients public key. The resulting encrypted session key is packed into a PKESK packet, which holds essential metadata, like an identifier of the recipients encryption (sub)-key.
 
 This procedure is repeated for each recipient of the message, and all resulting PKESK packets are prepended to the SEIPD packet (see below) containing the actual message.
 
@@ -74,7 +74,7 @@ Typically, the sender would also include themselves as a recipient, in order to
 
 ### SKESK: Session key encrypted to a passphrase
 
-As an alternative (or augmentation) to PKESK packets, a message can also be encrypted to a symmetric passphrase. This is done using a SKESK packet, which uses an S2K mechanism to derive a symmetric key from a passphrase. This key is either used directly as the session-key, or more commonly, used as a key-encapsulation-key (KEK) to encrypt the session-key.
+As an alternative (or augmentation) to PKESK packets, a message can also be encrypted to a symmetric passphrase. This is done using a SKESK packet, which uses an S2K mechanism to derive a symmetric key from a passphrase. This key is either used directly as the session key, or more commonly, used as a key-encapsulation-key (KEK) to encrypt the session key.
 
 Also see https://flowcrypt.com/docs/guide/send-and-receive/send-password-protected-emails.html
 
@@ -109,7 +109,7 @@ The [version 1 SEIPD](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-
 
 Version 1 SEIPD can only be combined with [version 3 PKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#v3-pkesk) and/or [version 4 SKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#v4-skesk) packets.
 
-In this version of the SEIPD packet, the session-key is used directly as message-key, meaning the payload is encrypted symmetrically using the session-key.
+In this version of the SEIPD packet, the session key is used directly as message key, meaning the payload is encrypted symmetrically using the session key.
 
 When communicating with a mix of recipients, some of whose OpenPGP software only supports OpenPGP version 4, then this mechanism must be used.
 
@@ -117,7 +117,7 @@ When communicating with a mix of recipients, some of whose OpenPGP software only
 :name: fig-encryption-seipdv1-pkesk
 :alt: Depicts a dotted hexagon labeled "Plaintext", from which a curved arrow passes another dotted hexagon "Session Key" and finally points to a "SEIPDv1" packet. Two more curved arrows originate from the session key and pass Alice' and Bob's encryption key, ending in two PKESK packets.
 
-With SEIPDv1, the session-key is directly used as message-key to encrypt the payload
+With SEIPDv1, the session key is directly used as message key to encrypt the payload
 ```
 
 (SEIPDv2)=
@@ -130,14 +130,14 @@ v2 SEIPD can only be combined with either [version 6 PKESK](https://www.ietf.org
 In version 2 SEIPD, the *session key* is transformed into a *message key*, based on a per-message salt value stored separately in the v2 SEIPD packet. The message key is then used in an AEAD scheme to encrypt the message payload.
 
 ```{note}
-The session-key can use a different symmetric algorithm than the message-key.
+The session key can use a different symmetric algorithm than the message key.
 ```
 
 ```{figure} drawio/SEIPDv2-PKESK.svg
 :name: fig-encryption-seipdv2-pkesk
 :alt: TODO
 
-With SEIPDv2, the message-key is derived from the session-key in an extra step.
+With SEIPDv2, the message key is derived from the session key in an extra step.
 ```
 
 This additional step introduces key-separation into the protocol, which protects against certain attacks, such as an [OpenPGP SEIP downgrade attack](https://www.metzdowd.com/pipermail/cryptography/2015-October/026685.html).
@@ -145,7 +145,7 @@ This additional step introduces key-separation into the protocol, which protects
 ```{admonition} TODO
 :class: warning
 
-Explain, that with SEIPDv2, a session-key can essentially protect more than one message by reusing the same session-key and *ESK packets with a fresh, per-message salt.
+Explain, that with SEIPDv2, a session key can essentially protect more than one message by reusing the same session key and *ESK packets with a fresh, per-message salt.
 
 This might very well go into the advanced topics section though.
 ```