openpgp-notes/book/source/11-decryption.md

(decryption_chapter)=
# Decryption

```{admonition} TODO
:class: warning

  - using expired certificate?
  - using revoked certificate?
  - using expired subkey?
  - using revoked subkey?
```

## Advanced topics

### Selecting decryption key

- Trying PKESKs until one works out
- consider "smart" strategies

additional wrinkle: hidden intended decryption key (`gnupg --throw-keyid`)
 
also see:

https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#pkesk-notes

> An implementation MAY accept or use a Key ID of all zeros, or an omitted key fingerprint, to hide the intended decryption key
Edits in chapter two; add link anchors to point to 2023-09-20 14:48:26 +02:00			`(decryption_chapter)=`
Initial outline and old notes (Rough merge of two precursor projects by Heiko, and outline notes by Paul) 2023-09-14 21:30:43 +02:00			`# Decryption`

mark "TODO"-blocks with admonition markup (also see https://codeberg.org/openpgp/notes/issues/3) 2023-09-26 13:22:12 +02:00			```{admonition} TODO
			`:class: warning`

Initial outline and old notes (Rough merge of two precursor projects by Heiko, and outline notes by Paul) 2023-09-14 21:30:43 +02:00			`- using expired certificate?`
			`- using revoked certificate?`
			`- using expired subkey?`
			`- using revoked subkey?`
Add input from Wiktor 2023-09-28 16:02:30 +02:00			```

			`## Advanced topics`

			`### Selecting decryption key`

			`- Trying PKESKs until one works out`
			`- consider "smart" strategies`

			additional wrinkle: hidden intended decryption key (`gnupg --throw-keyid`)

			`also see:`

			`https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#pkesk-notes`

			`> An implementation MAY accept or use a Key ID of all zeros, or an omitted key fingerprint, to hide the intended decryption key`