openpgp-notes/book/source/10-encryption.md

34 lines
1.1 KiB
Markdown
Raw Normal View History

(encryption_chapter)=
# Encryption
2023-09-25 16:43:36 +02:00
[Encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-2.1) is one of the core facilities of OpenPGP. It provides confidentiality.
## High-Level overview of the message encryption process
Core concept:
- The plaintext is encrypted with a symmetric "session key."
- The "session key" itself is stored in encrypted form, possibly multiple times:
- The session key is encrypted to the encryption keys of each intended recipient of the message.
- Alternatively, or additionally, the session key may be encrypted using a passphrase (this mode of operation doesn't require any OpenPGP certificates.)
## Generations of encryption
### SEIPD w/ AEAD (v2)
### SEIPD (v1)
### SED
## Advanced topics
### Encrypt for multiple/single subkey per certificate?
### "Negotiating" algorithms based on recipients preference subpackets
#### Prevent "downgrade" -> Policy
### Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation)
## Zooming in: Package structure and internals