openpgp-notes/book/source/10-encryption.md

<!--
SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project
SPDX-License-Identifier: CC-BY-SA-4.0
-->

(encryption_chapter)=
# Encryption

[Encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-2.1) is one of the core facilities of OpenPGP. It provides confidentiality.

## High-Level overview of the message encryption process

Core concept:

- The plaintext is encrypted with a symmetric "session key."
- The "session key" itself is stored in encrypted form, possibly multiple times:
  - The session key is encrypted to the encryption keys of each intended recipient of the message.
  - Alternatively, or additionally, the session key may be encrypted using a passphrase (this mode of operation doesn't require any OpenPGP certificates.)

## Generations of encryption

(SEIPDv2)=
### SEIPD w/ AEAD (v2)

### SEIPD (v1)

## Advanced topics

### Encrypt for multiple/single subkey per certificate?

### "Negotiating" algorithms based on recipients preference subpackets

#### Prevent "downgrade" -> Policy

### Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation)

### AEAD modes: GCM

```{admonition} TODO
:class: warning

Produce text around discussion: https://mailarchive.ietf.org/arch/msg/openpgp/ZTYD5VJsG1k2jJBbn5zIAf5o7d4/
```

## Zooming in: Packet structure

### Encryption yields a 'wrapped' openpgp packet stream

### SKESK

Also see https://flowcrypt.com/docs/guide/send-and-receive/send-password-protected-emails.html
feat: Add license attribution for all files Signed-off-by: David Runge <dave@sleepmap.de> 2023-10-23 19:04:58 +02:00			`<!--`
			`SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project`
			`SPDX-License-Identifier: CC-BY-SA-4.0`
			`-->`

Edits in chapter two; add link anchors to point to 2023-09-20 14:48:26 +02:00			`(encryption_chapter)=`
Initial outline and old notes (Rough merge of two precursor projects by Heiko, and outline notes by Paul) 2023-09-14 21:30:43 +02:00			`# Encryption`

ch10: outline 2023-09-25 16:43:36 +02:00			`[Encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-2.1) is one of the core facilities of OpenPGP. It provides confidentiality.`

			`## High-Level overview of the message encryption process`

			`Core concept:`

			`- The plaintext is encrypted with a symmetric "session key."`
			`- The "session key" itself is stored in encrypted form, possibly multiple times:`
			`- The session key is encrypted to the encryption keys of each intended recipient of the message.`
			`- Alternatively, or additionally, the session key may be encrypted using a passphrase (this mode of operation doesn't require any OpenPGP certificates.)`

			`## Generations of encryption`

fix link names 2023-10-29 23:43:14 +01:00			`(SEIPDv2)=`
ch10: outline 2023-09-25 16:43:36 +02:00			`### SEIPD w/ AEAD (v2)`

			`### SEIPD (v1)`

			`## Advanced topics`

			`### Encrypt for multiple/single subkey per certificate?`

			`### "Negotiating" algorithms based on recipients preference subpackets`

			`#### Prevent "downgrade" -> Policy`

			`### Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation)`

add link to gcm discussion, as a note for writing 2023-10-25 16:17:03 +02:00			`### AEAD modes: GCM`

			```{admonition} TODO
			`:class: warning`

			`Produce text around discussion: https://mailarchive.ietf.org/arch/msg/openpgp/ZTYD5VJsG1k2jJBbn5zIAf5o7d4/`
			```

fix/normalize "zooming in" section titles 2023-10-03 20:07:55 +02:00			`## Zooming in: Packet structure`
Note about SKESK use by flowcrypt 2023-09-28 16:02:47 +02:00
			`### Encryption yields a 'wrapped' openpgp packet stream`

			`### SKESK`

fix: Use current link for flowcrypt on sending password protected mails Signed-off-by: David Runge <dave@sleepmap.de> 2023-10-23 18:03:58 +02:00			`Also see https://flowcrypt.com/docs/guide/send-and-receive/send-password-protected-emails.html`