ch10: edits

Heiko Schaefer 2023-11-20 15:24:42 +01:00
parent 3cd95f3300
commit 3d8bd5eab3
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB


@ -8,22 +8,16 @@ SPDX-License-Identifier: CC-BY-SA-4.0
[Encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-2.1) is one of the core facilities of OpenPGP. It provides confidentiality.
For an in-depth, packet-level view of encrypted data in OpenPGP, see our chapter {ref}`zoom_enc`.
For an in-depth, packet-level view of encrypted data in OpenPGP, see {ref}`zoom_enc`.
## High-Level overview of the message encryption process
Encryption in OpenPGP is performed in two distinct steps:
1. The plaintext is encrypted with a (secret) symmetric key, the [*message key*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-confidentiality-via-encrypt). The (potentially large) ciphertext only needs to be stored once, even if it is sent to multiple recipients. All recipients get access to the same shared symmetric key for this message.
2. For each recipient of the message, a packet with information about the message key is generated.
- Usually, the information that allows retrieval of the message key is encrypted to a public encryption component key of the recipient.
- Alternatively - or additionally - the secret symmetric key may also be encrypted using a passphrase. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates.
```{admonition} TODO
:class: warning
This text could center either the message, or the session key. Both are awkward, in different ways.
```
1. The plaintext is encrypted based on a (secret) symmetric key, the [*session key*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-confidentiality-via-encrypt). The (potentially large) ciphertext only needs to be stored once, even if it is sent to multiple recipients. All recipients get access to the same shared session key to decrypt the message.
2. For each recipient of the message, a packet that contains the session key is generated.
- Usually, the session key is encrypted to a public encryption component key of the recipient.
- Alternatively - or additionally - the session key may also be encrypted using a passphrase. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates.
## Generations of encryption mechanisms in OpenPGP
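Review bot: the `{admonition} TODO` block with `:class: warning` is left in the chapter body between the overview heading and the numbered list, so it will render for readers as a warning box in the published text; either resolve the message-vs-session-key framing now or move the note to an issue before merging. A smaller point in the same hunk: the first paragraph still links to `draft-ietf-openpgp-crypto-refresh-10` (section 2.1) while the new step 1 links to `draft-ietf-openpgp-crypto-refresh-12`; pointing both at the same draft revision keeps the chapter consistent. Finally, "encrypted based on a (secret) symmetric key" in step 1 reads less precisely than the previous "encrypted with"; "encrypted with the session key" says what actually happens.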