(encryption_chapter)=
# Encryption

[Encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-2.1) is one of the core facilities of OpenPGP. It provides confidentiality.

## High-Level overview of the message encryption process

Encryption in OpenPGP uses a [hybrid cryptosystem](hybrid_cryptosystems). This means that two distinct steps are performed:

- Encryption of the plaintext with a (secret) symmetric key. The (potentially large) payload only needs to be stored once: all recipients use the same symmetric key, and all of them can decrypt the same symmetrically encrypted ciphertext.
- This symmetric key is then stored in encrypted form, possibly multiple times, once for each recipient.
  - Usually, the symmetric key is encrypted to a public encryption component key of the recipient.
  - Alternatively - or additionally - the secret symmetric key may also be encrypted using a passphrase, in place of an asymmetric key. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates.

## Generations of encryption

There are two generations of OpenPGP's encryption mechanism that the RFC allows for producing new encrypted messages, see [Packet Versions in Encrypted Messages](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.3.2.1).

(SEIPDv2)=
### SEIPD w/ AEAD (v2)

New in OpenPGP version 6.

### SEIPD (v1)

## Advanced topics

### Encrypt for multiple/single subkey per certificate?

### "Negotiating" algorithms based on recipients' preference subpackets

#### Prevent "downgrade" -> Policy

### Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation)

### AEAD modes: GCM

```{admonition} TODO
:class: warning

Produce text around discussion: https://mailarchive.ietf.org/arch/msg/openpgp/ZTYD5VJsG1k2jJBbn5zIAf5o7d4/
```

## Zooming in: Packet structure

### Encryption yields a 'wrapped' openpgp packet stream

### SKESK

Also see https://flowcrypt.com/docs/guide/send-and-receive/send-password-protected-emails.html
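The two-step hybrid scheme described in the overview at the top of this chapter, together with the passphrase-wrapped session key that the SKESK section refers to, as an added stand-alone Go example. This is not part of this book's text and not an OpenPGP packet implementation: the payload is encrypted once with AES-256-GCM under a fresh session key, that session key is then wrapped once per recipient (RSA-OAEP stands in for a recipient's public encryption component key) and once per passphrase, and every holder of one wrapped copy recovers the same ciphertext. The passphrase stretching is a constructed salted, iterated SHA-256 stand-in, not OpenPGP's S2K; the `Message`/`SKESK` types, function names, sample payload and passphrase are all assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Message is a constructed model of an encrypted OpenPGP message: one
// AEAD-protected payload plus one wrapped session key per recipient
// (PKESK-like) and per passphrase (SKESK-like). Illustrative only.
type Message struct {
	Nonce      []byte   // AEAD nonce for the payload
	Ciphertext []byte   // AES-256-GCM output (auth tag appended)
	PKESK      [][]byte // session key encrypted to each recipient's RSA public key
	SKESK      []SKESK  // session key encrypted under each passphrase
}

// SKESK is a passphrase-wrapped copy of the session key.
type SKESK struct{ Salt, Nonce, WrappedKey []byte }

const sessionKeyLen = 32 // AES-256

// aeadSeal encrypts plaintext with AES-GCM under key, returning a fresh nonce and the ciphertext.
func aeadSeal(key, plaintext, aad []byte) (nonce, ct []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, nil, err }
	nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, nil, err }
	return nonce, gcm.Seal(nil, nonce, plaintext, aad), nil
}

// aeadOpen decrypts and authenticates; a wrong key or tampered data yields an error, never garbage.
func aeadOpen(key, nonce, ct, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	return gcm.Open(nil, nonce, ct, aad)
}

// passphraseKey derives a wrapping key from a passphrase.
// Constructed stand-in (salted, iterated SHA-256); NOT OpenPGP's S2K.
func passphraseKey(passphrase string, salt []byte) []byte {
	k := sha256.Sum256(append(append([]byte{}, salt...), passphrase...))
	for i := 0; i < 100000; i++ {
		k = sha256.Sum256(k[:])
	}
	return k[:]
}

// Encrypt performs the two hybrid steps: (1) encrypt the payload once under a
// random session key; (2) wrap that key once per recipient and once per passphrase.
func Encrypt(plaintext []byte, recipients []*rsa.PublicKey, passphrases []string) (*Message, error) {
	if len(recipients) == 0 && len(passphrases) == 0 {
		return nil, errors.New("no recipients: the session key would be unrecoverable")
	}
	sessionKey := make([]byte, sessionKeyLen)
	if _, err := rand.Read(sessionKey); err != nil { return nil, err }
	msg := &Message{}
	var err error
	msg.Nonce, msg.Ciphertext, err = aeadSeal(sessionKey, plaintext, []byte("payload"))
	if err != nil { return nil, err }
	for _, pub := range recipients { // one PKESK per recipient key
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil { return nil, err }
		msg.PKESK = append(msg.PKESK, wrapped)
	}
	for _, pw := range passphrases { // one SKESK per passphrase
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil { return nil, err }
		nonce, wrapped, err := aeadSeal(passphraseKey(pw, salt), sessionKey, []byte("skesk"))
		if err != nil { return nil, err }
		msg.SKESK = append(msg.SKESK, SKESK{Salt: salt, Nonce: nonce, WrappedKey: wrapped})
	}
	return msg, nil
}

// DecryptWithKey tries each PKESK with the recipient's private key, then opens the payload.
func DecryptWithKey(msg *Message, priv *rsa.PrivateKey) ([]byte, error) {
	for _, wrapped := range msg.PKESK {
		sk, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
		if err != nil { continue } // not encrypted to this key; try the next copy
		return aeadOpen(sk, msg.Nonce, msg.Ciphertext, []byte("payload"))
	}
	return nil, errors.New("no PKESK matches this private key")
}

// DecryptWithPassphrase tries each SKESK with the passphrase, then opens the payload.
func DecryptWithPassphrase(msg *Message, passphrase string) ([]byte, error) {
	for _, s := range msg.SKESK {
		sk, err := aeadOpen(passphraseKey(passphrase, s.Salt), s.Nonce, s.WrappedKey, []byte("skesk"))
		if err != nil { continue } // wrong passphrase for this SKESK
		return aeadOpen(sk, msg.Nonce, msg.Ciphertext, []byte("payload"))
	}
	return nil, errors.New("no SKESK opens with this passphrase")
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed recipient keys
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	plaintext := []byte("constructed sample payload")
	msg, err := Encrypt(plaintext, []*rsa.PublicKey{&alice.PublicKey, &bob.PublicKey}, []string{"correct horse"})
	if err != nil { panic(err) }
	fmt.Printf("payload stored once (%d bytes), %d PKESKs, %d SKESKs\n", len(msg.Ciphertext), len(msg.PKESK), len(msg.SKESK))
	for _, who := range []*rsa.PrivateKey{alice, bob} {
		pt, err := DecryptWithKey(msg, who)
		fmt.Println("recipient recovered payload:", bytes.Equal(pt, plaintext), err)
	}
	_, err = DecryptWithPassphrase(msg, "wrong")
	fmt.Println("wrong passphrase:", err)
}
```

Two properties of the hybrid design show up directly: the ciphertext is produced exactly once no matter how many recipients and passphrases are added, and each decryption path only ever handles the short session key, never re-encrypting the payload. Because the payload and the SKESK wrap use an AEAD mode, a wrong passphrase or a modified ciphertext is rejected with an error rather than producing silently corrupted plaintext, which is the guarantee the AEAD-based SEIPDv2 format provides.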