openpgp-notes/book/source/10-encryption.md
Heiko Schaefer 01739af17c
write ch10
2023-12-10 20:43:45 +01:00

(encryption_chapter)=

Encryption

Encryption is one of the core facilities of OpenPGP. It provides confidentiality.

High-level overview of the message encryption process

Encryption in OpenPGP uses a hybrid cryptosystem.

This means that two distinct steps are performed:

  • Encryption of the plaintext with a (secret) symmetric key, the message key. The (potentially large) payload only needs to be stored once: all recipients can decrypt the same symmetrically encrypted ciphertext, using this single message key.
  • This symmetric message key is then stored in encrypted form, possibly multiple times, once for each recipient.
    • Usually, the symmetric key is encrypted to a public encryption component key of the recipient.
    • Alternatively - or additionally - the secret symmetric key may also be encrypted using a passphrase, in place of an asymmetric key. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates.
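The two steps above, sketched as an added example (not code from this book or from any OpenPGP implementation). It assumes the third-party Python `cryptography` package and uses X25519, HKDF-SHA256, AES-256-GCM and scrypt as stand-ins for OpenPGP's own algorithms; the message layout and all function names are hypothetical and are not the OpenPGP packet format.

```python
import hashlib
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

def _raw(pub):  # 32-byte encoding of an X25519 public key
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)

def _seal(key, data):  # _seal/_open: AES-256-GCM with the random nonce prepended
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, data, None)
def _open(key, blob):
    return AESGCM(key).decrypt(blob[:12], blob[12:], None)

def _ecdh_kek(shared, eph_pub, rcpt_pub):  # bind both public keys into the key-encryption key
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None, info=eph_pub + rcpt_pub).derive(shared)

def _pw_kek(passphrase, salt):  # scrypt is a stand-in for an OpenPGP string-to-key function
    return hashlib.scrypt(passphrase, salt=salt, n=2**14, r=8, p=1, dklen=32)

def encrypt(plaintext, recipients=(), passphrase=None):
    message_key = AESGCM.generate_key(bit_length=256)  # fresh symmetric key per message
    wrapped = []
    for rcpt in recipients:  # one public-key wrap of the message key per recipient
        eph = X25519PrivateKey.generate()
        kek = _ecdh_kek(eph.exchange(rcpt), _raw(eph.public_key()), _raw(rcpt))
        wrapped.append(("pk", _raw(eph.public_key()), _seal(kek, message_key)))
    if passphrase is not None:  # alternative or additional passphrase wrap
        salt = os.urandom(16)
        wrapped.append(("pw", salt, _seal(_pw_kek(passphrase, salt), message_key)))
    return {"wrapped_keys": wrapped, "payload": _seal(message_key, plaintext)}  # payload stored once

def decrypt(message, private_key=None, passphrase=None):
    for kind, header, blob in message["wrapped_keys"]:
        if kind == "pk" and private_key is not None:
            shared = private_key.exchange(X25519PublicKey.from_public_bytes(header))
            kek = _ecdh_kek(shared, header, _raw(private_key.public_key()))
        elif kind == "pw" and passphrase is not None:
            kek = _pw_kek(passphrase, header)
        else:
            continue
        try:  # unwrap the message key, then decrypt the shared payload with it
            return _open(_open(kek, blob), message["payload"])
        except InvalidTag:
            pass  # this copy was wrapped for a different key or passphrase
    raise ValueError("no wrapped key unlocked the message")
```

Adding a recipient grows `wrapped_keys` by one short entry; the size of `payload` does not change.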

Generations of encryption

The RFC allows two generations of OpenPGP's encryption mechanism for producing new encrypted messages; see Packet Versions in Encrypted Messages.

(SEIPDv2)=

SEIPD w/ AEAD (v2)

New in OpenPGP version 6.

SEIPD (v1)

Advanced topics

Encrypt for multiple/single subkey per certificate?

"Negotiating" algorithms based on recipients preference subpackets

Prevent "downgrade" -> Policy

Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation)

AEAD modes: GCM

Produce text around discussion: https://mailarchive.ietf.org/arch/msg/openpgp/ZTYD5VJsG1k2jJBbn5zIAf5o7d4/

Zooming in: Packet structure

Encryption yields a 'wrapped' OpenPGP packet stream

SKESK

Also see https://flowcrypt.com/docs/guide/send-and-receive/send-password-protected-emails.html