mirror of
https://codeberg.org/openpgp/notes.git
synced 2025-01-07 05:27:57 +01:00
114 lines
4.1 KiB
Markdown
114 lines
4.1 KiB
Markdown
|
<!--
|
||
|
SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project
|
||
|
SPDX-License-Identifier: CC-BY-SA-4.0
|
||
|
-->
|
||
|
|
||
|
# Zooming in: Packet structure of encrypted data
|
||
|
|
||
|
## SEIPD v2
|
||
|
|
||
|
### Encrypt
|
||
|
|
||
|
We encrypt a short message to Alice, using a public certificate version of {ref}`alice-priv`:
|
||
|
|
||
|
```text
|
||
|
$ echo "hello world" | sq encrypt --recipient-file alice.pub
|
||
|
```
|
||
|
|
||
|
This produces an ASCII armored encrypted message:
|
||
|
|
||
|
```{literalinclude} ../examples/ascii_armored_encrypted_message.asc
|
||
|
:language: text
|
||
|
```
|
||
|
|
||
|
### Inspect the packet dump of the encrypted message
|
||
|
|
||
|
Inspecting the packets of this message, we see:
|
||
|
|
||
|
```text
|
||
|
$ sq packet dump --hex enc.pgp
|
||
|
Public-Key Encrypted Session Key Packet, new CTB, 2 header bytes + 93 bytes
|
||
|
Version: 6
|
||
|
Recipient: C0A58384A438E5A14F73712426A4D45DBAEEF4A39E6B30B09D5513F978ACCA94
|
||
|
Pk algo: X25519
|
||
|
|
||
|
00000000 c1 CTB
|
||
|
00000001 5d length
|
||
|
00000002 06 version
|
||
|
00000003 21 recipient_len
|
||
|
00000004 06 recipient_version
|
||
|
00000005 c0 a5 83 84 a4 38 e5 a1 4f 73 71 recipient
|
||
|
00000010 24 26 a4 d4 5d ba ee f4 a3 9e 6b 30 b0 9d 55 13
|
||
|
00000020 f9 78 ac ca 94
|
||
|
00000025 19 pk_algo
|
||
|
00000026 31 61 a4 33 ba eb 03 ef ca 23 x25519_e
|
||
|
00000030 01 d8 86 c1 0f 0c 23 cb 12 01 70 15 e0 01 0c 28
|
||
|
00000040 87 1b 20 da a1 20
|
||
|
00000046 18 x25519_esk_len
|
||
|
00000047 12 9b 91 15 f6 1f 98 97 f5 x25519_esk
|
||
|
00000050 d5 dd f1 19 d4 93 9a 06 7a ed b2 8d 99 01 2e
|
||
|
|
||
|
Sym. Encrypted and Integrity Protected Data Packet, new CTB, 2 header bytes + 114 bytes
|
||
|
Version: 2
|
||
|
Symmetric algo: AES-128
|
||
|
AEAD algo: EAX
|
||
|
Chunk size: 4096
|
||
|
Salt: 9673F229E1386AD0464367096945493F4D42FE4D6129B06750B3C89F0F214093
|
||
|
No session key supplied
|
||
|
|
||
|
00000000 d2 CTB
|
||
|
00000001 72 length
|
||
|
00000002 02 version
|
||
|
00000003 07 sym_algo
|
||
|
00000004 01 aead_algo
|
||
|
00000005 06 chunk_size
|
||
|
00000006 96 73 f2 29 e1 38 6a d0 46 43 salt
|
||
|
00000010 67 09 69 45 49 3f 4d 42 fe 4d 61 29 b0 67 50 b3
|
||
|
00000020 c8 9f 0f 21 40 93
|
||
|
00000026 bb 77 fb 75 ef bc ba f9 75 48 .w.u....uH
|
||
|
00000030 37 f8 eb 7e b0 44 a4 09 28 e1 ad 99 39 d0 72 23 7..~.D..(...9.r#
|
||
|
00000040 c2 30 55 67 a6 35 e7 dc 9f 68 ea ad b4 c4 fa 71 .0Ug.5...h.....q
|
||
|
00000050 7a 96 6b 12 22 b2 13 da 27 e3 91 d6 ad 9b 65 2d z.k."...'.....e-
|
||
|
00000060 4d da 31 5b 69 13 8e 71 b0 12 2b a0 15 ce a0 96 M.1[i..q..+.....
|
||
|
00000070 9d ea a4 20 ...
|
||
|
```
|
||
|
|
||
|
### Decrypt
|
||
|
|
||
|
```text
|
||
|
$ sq decrypt --dump-session-key --recipient-file alice.sec enc.pgp
|
||
|
Session key: 8DDA27B9B000BD84D0A39DFF66780111
|
||
|
Encrypted using AES-128
|
||
|
Compressed using ZIP
|
||
|
hello world
|
||
|
```
|
||
|
|
||
|
Inspecting the packets inside the SEIPD container:
|
||
|
|
||
|
```text
|
||
|
$ sq decrypt --dump --recipient-file alice.sec enc.pgp
|
||
|
Public-Key Encrypted Session Key Packet, new CTB, 93 bytes
|
||
|
Version: 6
|
||
|
Recipient: C0A58384A438E5A14F73712426A4D45DBAEEF4A39E6B30B09D5513F978ACCA94
|
||
|
Pk algo: X25519
|
||
|
|
||
|
Encrypted using AES-128
|
||
|
Compressed using ZIP
|
||
|
hello world
|
||
|
Sym. Encrypted and Integrity Protected Data Packet, new CTB, 114 bytes
|
||
|
│ Version: 2
|
||
|
│ Symmetric algo: AES-128
|
||
|
│ AEAD algo: EAX
|
||
|
│ Chunk size: 4096
|
||
|
│ Salt: 9673F229E1386AD0464367096945493F4D42FE4D6129B06750B3C89F0F214093
|
||
|
│
|
||
|
└── Compressed Data Packet, new CTB, 44 bytes
|
||
|
│ Algorithm: ZIP
|
||
|
│
|
||
|
├── Literal Data Packet, new CTB, 18 bytes
|
||
|
│ Format: Binary data
|
||
|
│
|
||
|
└── Padding Packet, new CTB, 14 bytes
|
||
|
Unknown variant
|
||
|
```
|