Merge pull request 'Decryption: Add some information about the SED packet' (#275) from sed into main

Reviewed-on: https://codeberg.org/openpgp/notes/pulls/275
This commit is contained in:
heiko 2024-03-17 17:46:34 +00:00
commit 1fbc84cb06

View file

@ -181,4 +181,6 @@ Each chunk is decrypted using AEAD using the message key and an IV with appended
## SED
Legacy mode: may be decrypted, but not produced.
The Symmetrically Encrypted Data packet predates the SEIPD packet and is nowadays deprecated.
Due to the lack of integrity protection, this packet is susceptible to a whole class of attacks where the attacker modifies the ciphertext.
Therefore, implementations MUST NOT produce this packet and are encouraged not to accept incoming SED packages from untrusted sources.