From 42d396ece33832b034132cb18905c02b6a4c2e35 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sun, 19 Nov 2023 21:25:05 +0100 Subject: [PATCH] write ch10 --- book/source/10-encryption.md | 44 +++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/book/source/10-encryption.md b/book/source/10-encryption.md index 9ca7a55..9fe231f 100644 --- a/book/source/10-encryption.md +++ b/book/source/10-encryption.md @@ -17,39 +17,51 @@ OpenPGP uses a [hybrid cryptosystem](hybrid_cryptosystems). Encryption is perfor - Usually, the information that allows retrieval of the message key is encrypted to a public encryption component key of the recipient. - Alternatively - or additionally - the secret symmetric key may also be encrypted using a passphrase, in place of an asymmetric key. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates. -## Generations of encryption +## Generations of encryption mechanisms in OpenPGP -There are two generations of OpenPGP's encryption mechanism that the RFC allows for producing new encrypted messages, see [Packet Versions in Encrypted Messages](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.3.2.1). +OpenPGP's encryption mechanisms have evolved over time. The RFC shows an [overview of encryption mechanisms](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.3.2.1), and how they may be combined. -The main difference between these two generations lies in the symmetric part of the mechanism, abbreviated as "SEIPD", for *Symmetrically Encrypted and Integrity Protected Data*. +Two generations of encryption mechanisms are currently relevant in OpenPGP, and will co-exist for the foreseeable future. The main difference between these lies in the symmetric part of the encryption mechanism, represented by versions 1 and 2 of the *Symmetrically Encrypted and Integrity Protected Data* packets (abbreviated as "SEIPD"). More on these below. -Older encryption mechanisms existed in OpenPGP, but those must not be used for encryption anymore. More information about these legacy encryption mechanisms can be found in the [decryption](decryption_chapter) chapter. +Older, legacy encryption mechanisms exist in OpenPGP. However, those must not be used for encryption anymore. Messages encrypted using these legacy mechanisms may still be decrypted, for more information see the [decryption](decryption_chapter) chapter. + +## Symmetric encryption of data, SEIPD + +*Symmetrically Encrypted Integrity Protected Data* (SEIPD) packets represent the symmetric aspect of OpenPGP's encryption mechanism. The function of these packets is entirely independent of (asymmetric) OpenPGP keys. The SEIPD mechanisms only deal with symmetric cryptography. + +```{note} +SEIPD packets are the successor to the [Symmetrically Encrypted Data](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-symmetrically-encrypted-dat) packet, which is obsolete. +``` + +When decrypted, the data contained in a SEIPD packet forms an OpenPGP message. That is, the decrypted data consists of a series of OpenPGP packets. + +In both versions of SEIPD, the decryptor has obtained a *session key* in a previous step - before processing the SEIPD packet. Using this session key, the decryptor can decrypt the SEIPD packet and process the contained plaintext data. + +Both versions of SEIPD can be used in combination with two mechanisms that provide *session keys*: +- [Public-Key Encrypted Session Key](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-public-key-encrypted-sessio) packets (PKESK) and +- [Symmetric-Key Encrypted Session Key](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#skesk) packets (SKESK) (SEIPDv2)= ### v2 SEIPD, based on AEAD -This mechanism is new in OpenPGP version 6, and only supported by OpenPGP version 6 implementations. Consequently, ut can only be used when all recipients support OpenPGP version 6. +The [version 2 SEIPD](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#version-two-seipd) mechanism is new in OpenPGP version 6, and only supported by OpenPGP version 6 implementations. Consequently, it can only be used for encryption when all recipients support OpenPGP version 6. v2 SEIPD can only be combined with either [version 6 PKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#v6-pkesk) or [version 6 SKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#v6-skesk). -v2 SEIPD can only be combined with either v6 PKESK or v6 SKESK. +In version 2 SEIPD, the *session key* is transformed into a *message key*, based on a salt value in the v2 SEIPD packet. ### v1 SEIPD, based on MDC -This mechanism is supported by modern OpenPGP version 4 implementations. It was introduced in [RFC 4880](https://www.rfc-editor.org/rfc/rfc4880.html#section-5.13). +The [version 1 SEIPD](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#version-one-seipd) mechanism is supported by all modern OpenPGP version 4 implementations. It was introduced in [RFC 4880](https://www.rfc-editor.org/rfc/rfc4880.html#section-5.13). -It can only be combined with either v4 PKESK or v3 SKESK. +Version 1 SEIPD can only be combined with either [version 3 PKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#v3-pkesk) or [version 4 SKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#v4-skesk). When communicating with a mix of recipients, some of whose OpenPGP software only supports OpenPGP version 4, then this mechanism must be used. -## Symmetric encryption, SEIPD +## Handling session keys with *ESK packets -This symmetric aspect of OpenPGP's encryption is entirely independent of OpenPGP keys. It only deals with symmetric keys (*session keys* and *message keys*) +"ESK" is a family of mechanisms for dealing with symmetric key material. It has two branches: -## Handling session keys with "ESK" - -This is a family of mechanisms for dealing with symmetric key material. It has two branches: - -- one that deals with asymmetric OpenPGP key material, and -- (a less commonly used) one that doesn't use OpenPGP asymmetric key material, but instead uses passphrases to protect the symmetric key material. +- [PKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-public-key-encrypted-sessio): Uses asymmetric OpenPGP key material to protect a session key, and +- [SKESK](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-symmetric-key-encrypted-ses): Uses passphrases to protect the symmetric key material, instead of OpenPGP asymmetric key material (this is less commonly used). ## Advanced topics