(encryption_chapter)=

# Encryption

[Encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-2.1) is one of the core facilities of OpenPGP. It provides confidentiality.

## High-Level overview of the message encryption process

Core concept:

- The plaintext is encrypted with a symmetric "session key."
- The "session key" itself is stored in encrypted form, possibly multiple times:
  - The session key is encrypted to the encryption keys of each intended recipient of the message.
  - Alternatively, or additionally, the session key may be encrypted using a passphrase (this mode of operation doesn't require any OpenPGP certificates).

## Generations of encryption

### SEIPD w/ AEAD (v2)

### SEIPD (v1)

### SED

## Advanced topics

### Encrypt for multiple/single subkey per certificate?

### "Negotiating" algorithms based on recipients' preference subpackets

#### Prevent "downgrade" -> Policy

### Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation)

## Zooming in: Packet structure and internals

### Encryption yields a 'wrapped' OpenPGP packet stream

### SKESK

Also see https://flowcrypt.com/docs/guide/send-and-receive/send-password-protected.html
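The layering from the high-level overview (one encrypted container holding the plaintext, plus one encrypted copy of the session key per recipient or passphrase) is visible in the packet headers of a binary message without decrypting anything. The following is an added example, not part of the original chapter or of any OpenPGP implementation: the function names and the sample bytes are constructed for illustration, while the packet type IDs and header length encodings follow the OpenPGP specification.

```python
# Packet type IDs as defined in the OpenPGP specification.
NAMES = {1: "PKESK", 3: "SKESK", 9: "SED", 18: "SEIPD"}

def read_packets(data):
    """Yield (type_id, body) per packet; ValueError/IndexError on malformed input."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        new, body, last = bool(hdr & 0x40), b"", False
        tag = hdr & 0x3F if new else (hdr >> 2) & 0x0F
        while not last:
            last = True
            if not new:                      # legacy header: length type in low 2 bits
                width = (1, 2, 4, 0)[hdr & 3]    # 0 = indeterminate, runs to end of data
                n = int.from_bytes(data[i:i + width], "big") if width else len(data) - i
                i += width
            elif data[i] < 192:              # one-octet length
                n, i = data[i], i + 1
            elif data[i] < 224:              # two-octet length
                n, i = ((data[i] - 192) << 8) + data[i + 1] + 192, i + 2
            elif data[i] == 255:             # five-octet length
                n, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:                            # partial body length, another chunk follows
                n, i, last = 1 << (data[i] & 0x1F), i + 1, False
            if i + n > len(data):
                raise ValueError("truncated packet")
            body, i = body + data[i:i + n], i + n
        yield tag, body

def summarize(data):
    """Count the session-key wrappings and identify the encrypted container."""
    out = {"PKESK": 0, "SKESK": 0, "container": None, "version": None}
    for tag, body in read_packets(data):
        name = NAMES.get(tag)
        if name in ("PKESK", "SKESK"):
            out[name] += 1               # one encrypted copy of the session key
        elif name in ("SED", "SEIPD"):
            out["container"] = name
            out["version"] = body[0] if name == "SEIPD" and body else None
    return out

def pkt(tag, body):  # sample builder: current-format header, body shorter than 192 octets
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample: placeholder bodies, not a decryptable message.
SAMPLE = (pkt(1, b"\x03" + bytes(12)) + pkt(1, b"\x03" + bytes(12))
          + pkt(3, b"\x04" + bytes(4)) + pkt(18, b"\x01" + bytes(24)))
```

For the constructed sample, `summarize(SAMPLE)` reports two public-key wrappings, one passphrase wrapping and a version 1 SEIPD container. A message whose container is `SED`, or that has no SEIPD version at all, is the kind of result a downgrade policy would flag.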