From d2def8cb89b9acbf618ca2ddef43e418090e9370 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Fri, 8 Dec 2023 15:52:54 +0100 Subject: [PATCH] Improve section on symmetric ciphers used for SKESKv4+SEIPDv1 --- book/source/11-decryption.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/book/source/11-decryption.md b/book/source/11-decryption.md index a14b3df..778c19a 100644 --- a/book/source/11-decryption.md +++ b/book/source/11-decryption.md @@ -55,7 +55,11 @@ Decrypting the session-key from a version 4 SKESK packet. ``` With version 4 SKESK packets, which are only used with version 1 SEIPD packets, the *session-key* is used as *message-key* without an intermediate derivation. -The symmetric cipher algorithm tag of the SKESK packet dictates the cipher algorithm used to decrypt the plaintext from the SEIPD packet. +When the direct method is used, meaning no encrypted session-key was contained in the SKESK packet, the symmetric cipher algorithm ID of the SKESK packet dictates the cipher algorithm used to decrypt the plaintext from the SEIPD packet. + +Otherwise, the cipher algorithm ID to decrypt the SEIPD packet was prefixed to the decrypted session key. + +Sanitizing this first byte acts as a very early quick check to verify that the used passphrase was correct. For further validation of the session-key, see [](decryption_seipd_quick_check). ### SKESK v6 @@ -186,6 +190,7 @@ Legacy mode, may be decrypted, but not produced. ## Advanced topics +(decryption_seipd_quick_check)= ### Verify successful session-key decryption SEIPDv1 packets might make use of a "quick check" mechanism to quickly verify that the correct session key was used without the need to decrypt the whole SEIPD packet.
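Review bot: In the first hunk (`book/source/11-decryption.md`, around line 55), the added sentence "Sanitizing this first byte acts as a very early quick check ..." says "sanitizing" where it means checking that the byte is a known symmetric cipher algorithm ID, and it reuses the term "quick check" that the linked section uses for the SEIPDv1 mechanism, so a reader can take the two for the same thing. Suggest wording along the lines of "Checking that this first byte is a valid cipher algorithm ID gives an early indication that the passphrase was correct", and stating that it is only a plausibility check: a wrong passphrase can still decrypt to a first byte that happens to be a valid ID, which is why the pointer to further validation matters. The "Otherwise, ..." sentence would also read better in the present tense to match the sentence before it ("is prefixed" rather than "was prefixed"), and it could say what the SKESK packet's own cipher algorithm ID is used for in that case, since the previous sentence only covers the direct method.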