From 7d7a2914151e56119c74966f75fcff2f1ab5e93d Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sat, 18 Nov 2023 22:49:02 +0100 Subject: [PATCH] write ch10 --- book/source/10-encryption.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/book/source/10-encryption.md b/book/source/10-encryption.md index 2b48280..843ec89 100644 --- a/book/source/10-encryption.md +++ b/book/source/10-encryption.md 
@@ -10,18 +10,24 @@ SPDX-License-Identifier: CC-BY-SA-4.0 ## High-Level overview of the message encryption process -Core concept: +Encryption in OpenPGP uses a [hybrid cryptosystem](hybrid_cryptosystems). -- The plaintext is encrypted with a symmetric "session key." -- The "session key" itself is stored in encrypted form, possibly multiple times: - - The session key is encrypted to the encryption keys of each intended recipient of the message. - - Alternatively, or additionally, the session key may be encrypted using a passphrase (this mode of operation doesn't require any OpenPGP certificates.) +This means that two distinct steps are performed: + +- Encryption of the plaintext with a (secret) symmetric key. The (potentially large) payload only needs to be stored once: all recipients use the same symmetric key, and all of them can decrypt the same symmetrically encrypted ciphertext. +- This symmetric key is then stored in encrypted form, possibly multiple time, once for each recipient. + - Usually, the symmetric key is encrypted to a public encryption component key of the recipient. + - Alternatively - or additionally - the secret symmetric key may also be encrypted using a passphrase, in place of an asymmetric key. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates. ## Generations of encryption +There are two generations of OpenPGP's encryption mechanism that the RFC allows for producing new encrypted messages, see [Packet Versions in Encrypted Messages](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.3.2.1). + (SEIPDv2)= ### SEIPD w/ AEAD (v2) +New in OpenPGP version 6. + ### SEIPD (v1) ## Advanced topics
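Review bot: Typo in the second bullet of the new list, "possibly multiple time, once for each recipient" should read "possibly multiple times, once for each recipient". Two smaller points in the same hunk: the spaced hyphens in "Alternatively - or additionally - the secret symmetric key" would read better as a parenthetical ("Alternatively, or additionally, the secret symmetric key may also be encrypted using a passphrase"), and the new "## Generations of encryption" text adds a body for SEIPDv2 ("New in OpenPGP version 6.") while the "### SEIPD (v1)" heading that follows is still left without any text; a one-line note on v1 (at minimum which OpenPGP version introduced it, and that it lacks the AEAD integrity protection of v2) would keep the two subsections parallel.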