2023-09-20 14:48:26 +02:00
|
|
|
(decryption_chapter)=
|
2023-09-14 21:30:43 +02:00
|
|
|
# Decryption
|
|
|
|
|
2023-09-26 13:22:12 +02:00
|
|
|
```{admonition} TODO
|
|
|
|
:class: warning
|
|
|
|
|
2023-09-14 21:30:43 +02:00
|
|
|
- using expired certificate?
|
|
|
|
- using revoked certificate?
|
|
|
|
- using expired subkey?
|
|
|
|
- using revoked subkey?
|
2023-09-28 16:02:30 +02:00
|
|
|
```
|
|
|
|
|
2023-10-04 15:19:01 +02:00
|
|
|
## SEIPD w/ AEAD (v2)
|
|
|
|
|
|
|
|
## SEIPD (v1)
|
|
|
|
|
|
|
|
## SED
|
|
|
|
|
|
|
|
Legacy mode, may be decrypted, but not produced.
|
|
|
|
|
2023-09-28 16:02:30 +02:00
|
|
|
## Advanced topics
|
|
|
|
|
|
|
|
### Selecting decryption key
|
|
|
|
|
|
|
|
- Trying PKESKs until one works out
|
|
|
|
- consider "smart" strategies
|
|
|
|
|
|
|
|
additional wrinkle: hidden intended decryption key (`gnupg --throw-keyid`)
|
|
|
|
|
|
|
|
also see:
|
|
|
|
|
|
|
|
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#pkesk-notes
|
|
|
|
|
|
|
|
> An implementation MAY accept or use a Key ID of all zeros, or an omitted key fingerprint, to hide the intended decryption key
|