vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-09 19:29:41 +02:00
Code Issues Projects Releases Packages Wiki Activity
openpgp-notes/book/source/10-encryption.md
Heiko Schaefer 1152dc2020
write ch10
2023-12-10 20:43:45 +01:00

3.8 KiB
Raw Blame History

(encryption_chapter)=

Encryption

Encryption is one of the core facilities of OpenPGP. It provides confidentiality.

High-Level overview of the message encryption process

OpenPGP uses a hybrid cryptosystem. Encryption is performed in two distinct steps:

  • The plaintext is encrypted with a (secret) symmetric key, the message key. The (potentially large) payload only needs to be stored once in its encrypted form, even if it is encrypted to multiple recipients.
  • For each recipient of the message, a packet with information about the message key is generated.
    • Usually, the information that allows retrieval of the message key is encrypted to a public encryption component key of the recipient.
    • Alternatively - or additionally - the secret symmetric key may also be encrypted using a passphrase, in place of an asymmetric key. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates.

Generations of encryption

There are two generations of OpenPGP's encryption mechanism that the RFC allows for producing new encrypted messages, see Packet Versions in Encrypted Messages.

The main difference between these two generations lies in the symmetric part of the mechanism, abbreviated as "SEIPD", for Symmetrically Encrypted and Integrity Protected Data.

Older encryption mechanisms existed in OpenPGP, but those must not be used for encryption anymore. More information about these legacy encryption mechanisms can be found in the decryption chapter.

(SEIPDv2)=

v2 SEIPD, based on AEAD

This mechanism is new in OpenPGP version 6, and only supported by OpenPGP version 6 implementations. Consequently, ut can only be used when all recipients support OpenPGP version 6.

v2 SEIPD can only be combined with either v6 PKESK or v6 SKESK.

v1 SEIPD, based on MDC

This mechanism is supported by modern OpenPGP version 4 implementations. It was introduced in RFC 4880.

It can only be combined with either v4 PKESK or v3 SKESK.

When communicating with a mix of recipients, some of whose OpenPGP software only supports OpenPGP version 4, then this mechanism must be used.

Symmetric encryption, SEIPD

This symmetric aspect of OpenPGP's encryption is entirely independent of OpenPGP keys. It only deals with symmetric keys (session keys and message keys)

Handling session keys with "ESK"

This is a family of mechanisms for dealing with symmetric key material. It has two branches:

  • one that deals with asymmetric OpenPGP key material, and
  • (a less commonly used) one that doesn't use OpenPGP asymmetric key material, but instead uses passphrases to protect the symmetric key material.

Advanced topics

Encrypt for multiple/single subkey per certificate?

"Negotiating" algorithms based on recipients preference subpackets

Prevent "downgrade" -> Policy

Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation)

AEAD modes: GCM

:class: warning

Produce text around discussion: https://mailarchive.ietf.org/arch/msg/openpgp/ZTYD5VJsG1k2jJBbn5zIAf5o7d4/

Zooming in: Packet structure

Encryption yields a 'wrapped' openpgp packet stream

SKESK

Also see https://flowcrypt.com/docs/guide/send-and-receive/send-password-protected-emails.html