write ch10

Heiko Schaefer 2023-11-19 23:10:49 +01:00
parent 9310f0178f
commit 33bda5f443
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB

@ -68,13 +68,17 @@ Version 1 SEIPD can only be combined with either [version 3 PKESK](https://www.i
When communicating with a mix of recipients, some of whose OpenPGP software only supports OpenPGP version 4, then this mechanism must be used.
## Handling session keys with *ESK packets
## Handling encrypted session keys: PKESK, SKESK
"ESK" is a family of mechanisms for dealing with symmetric key material. It has two branches:
"*ESK" is a family of mechanisms for dealing with symmetric key material. It has two branches:
- [PKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-public-key-encrypted-sessio): Uses asymmetric OpenPGP key material to protect a session key, and
- [SKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-symmetric-key-encrypted-ses): Uses passphrases to protect the symmetric key material, instead of OpenPGP asymmetric key material (this is less commonly used).
### PKESK: Session key encrypted to an asymmetric OpenPGP key
### SKESK: Session key encrypted to a passphrase
## Advanced topics
### Encrypt for multiple/single subkey per certificate?
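Review bot: The two new subsection headings, `### PKESK: Session key encrypted to an asymmetric OpenPGP key` and `### SKESK: Session key encrypted to a passphrase`, have no body text in the visible lines, so the chapter goes straight from the bullet list to "Advanced topics". Either add at least a one-sentence summary under each heading or mark them as explicit TODO stubs so the rendered page does not show empty sections. Two smaller points in the same hunk: the bullets describe PKESK as protecting "a session key" but SKESK as protecting "the symmetric key material", while the new SKESK heading says "Session key"; pick one term and use it in both bullets and headings. Also, the unescaped asterisk in `"*ESK"` can be paired with a later `*` by a Markdown renderer if the paragraph is extended; writing it as `\*ESK` or in code formatting avoids that.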