diff --git a/book/source/10-encryption.md b/book/source/10-encryption.md index 0f8f124..fb94540 100644 --- a/book/source/10-encryption.md +++ b/book/source/10-encryption.md @@ -1,11 +1,33 @@ (encryption_chapter)= # Encryption -``` - - High Level overview of the message encryption process - - SED vs. SEIPD (v1) vs. SEIPD w/ AEAD (v2) - - Encrypt for multiple/single subkey per certificate? - - "Negotiating" algorithms based on recipients preference subpackets - - Prevent "downgrade" -> Policy - - Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation) -``` \ No newline at end of file +[Encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-2.1) is one of the core facilities of OpenPGP. It provides confidentiality. + +## High-Level overview of the message encryption process + +Core concept: + +- The plaintext is encrypted with a symmetric "session key." +- The "session key" itself is stored in encrypted form, possibly multiple times: + - The session key is encrypted to the encryption keys of each intended recipient of the message. + - Alternatively, or additionally, the session key may be encrypted using a passphrase (this mode of operation doesn't require any OpenPGP certificates.) + +## Generations of encryption + +### SEIPD w/ AEAD (v2) + +### SEIPD (v1) + +### SED + +## Advanced topics + +### Encrypt for multiple/single subkey per certificate? + +### "Negotiating" algorithms based on recipients preference subpackets + +#### Prevent "downgrade" -> Policy + +### Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation) + +## Zooming in: Package structure and internals
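Review bot: the added heading `## Zooming in: Package structure and internals` should say "Packet structure"; the rest of the hunk already uses OpenPGP's packet terminology ("preference subpackets"), and "Package" reads as a typo in a section title. Also, the hunk turns the removed TODO code block into real headings but leaves most of them empty (`### SEIPD w/ AEAD (v2)`, `### SEIPD (v1)`, `### SED`, and every subsection under `## Advanced topics`), so the rendered chapter will show a run of bare headings with no text; either keep the old bullet notes under each heading as a visible TODO or drop the empty headings until they have content. Two smaller points in the same hunk: `### "Negotiating" algorithms based on recipients preference subpackets` wants the possessive ("recipients' preference subpackets"), and the capitalisation of `## High-Level overview` is inconsistent with the other headings ("High-level overview").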