vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-10 03:39:41 +02:00
Code Issues Projects Releases Packages Wiki Activity
openpgp-notes/book/source/10-encryption.md
Heiko Schaefer 7d7a291415
write ch10
2023-12-10 20:43:45 +01:00

57 lines
2.2 KiB
Markdown
Raw Blame History

<!--
SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project
SPDX-License-Identifier: CC-BY-SA-4.0
-->
(encryption_chapter)=
# Encryption
[Encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-2.1) is one of the core facilities of OpenPGP. It provides confidentiality.
## High-Level overview of the message encryption process
Encryption in OpenPGP uses a [hybrid cryptosystem](hybrid_cryptosystems).
This means that two distinct steps are performed:
- Encryption of the plaintext with a (secret) symmetric key. The (potentially large) payload only needs to be stored once: all recipients use the same symmetric key, and all of them can decrypt the same symmetrically encrypted ciphertext.
- This symmetric key is then stored in encrypted form, possibly multiple time, once for each recipient.
- Usually, the symmetric key is encrypted to a public encryption component key of the recipient.
- Alternatively - or additionally - the secret symmetric key may also be encrypted using a passphrase, in place of an asymmetric key. This is a specialized and less commonly used mode of operation that doesn't require OpenPGP certificates.
## Generations of encryption
There are two generations of OpenPGP's encryption mechanism that the RFC allows for producing new encrypted messages, see [Packet Versions in Encrypted Messages](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#section-10.3.2.1).
(SEIPDv2)=
### SEIPD w/ AEAD (v2)
New in OpenPGP version 6.
### SEIPD (v1)
## Advanced topics
### Encrypt for multiple/single subkey per certificate?
### "Negotiating" algorithms based on recipients preference subpackets
#### Prevent "downgrade" -> Policy
### Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation)
### AEAD modes: GCM
```{admonition} TODO
:class: warning
Produce text around discussion: https://mailarchive.ietf.org/arch/msg/openpgp/ZTYD5VJsG1k2jJBbn5zIAf5o7d4/
```
## Zooming in: Packet structure
### Encryption yields a 'wrapped' openpgp packet stream
### SKESK
Also see https://flowcrypt.com/docs/guide/send-and-receive/send-password-protected-emails.html
Reference in a new issue View git blame Copy permalink