<!-- SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project SPDX-License-Identifier: CC-BY-SA-4.0 --> # Zooming in: Packet structure of encrypted data ## SEIPD v2 ### Encrypt We encrypt a short message to Alice, using a public certificate version of {ref}`alice-priv`: ```text $ echo "hello world" | sq encrypt --recipient-file alice.pub ``` This produces an ASCII armored encrypted message: ```{literalinclude} ../examples/ascii_armored_encrypted_message.asc :language: text ``` ### Inspect the packet dump of the encrypted message Inspecting the packets of this message, we see: ```text $ sq packet dump --hex enc.pgp Public-Key Encrypted Session Key Packet, new CTB, 2 header bytes + 93 bytes Version: 6 Recipient: C0A58384A438E5A14F73712426A4D45DBAEEF4A39E6B30B09D5513F978ACCA94 Pk algo: X25519 00000000 c1 CTB 00000001 5d length 00000002 06 version 00000003 21 recipient_len 00000004 06 recipient_version 00000005 c0 a5 83 84 a4 38 e5 a1 4f 73 71 recipient 00000010 24 26 a4 d4 5d ba ee f4 a3 9e 6b 30 b0 9d 55 13 00000020 f9 78 ac ca 94 00000025 19 pk_algo 00000026 31 61 a4 33 ba eb 03 ef ca 23 x25519_e 00000030 01 d8 86 c1 0f 0c 23 cb 12 01 70 15 e0 01 0c 28 00000040 87 1b 20 da a1 20 00000046 18 x25519_esk_len 00000047 12 9b 91 15 f6 1f 98 97 f5 x25519_esk 00000050 d5 dd f1 19 d4 93 9a 06 7a ed b2 8d 99 01 2e Sym. Encrypted and Integrity Protected Data Packet, new CTB, 2 header bytes + 114 bytes Version: 2 Symmetric algo: AES-128 AEAD algo: EAX Chunk size: 4096 Salt: 9673F229E1386AD0464367096945493F4D42FE4D6129B06750B3C89F0F214093 No session key supplied 00000000 d2 CTB 00000001 72 length 00000002 02 version 00000003 07 sym_algo 00000004 01 aead_algo 00000005 06 chunk_size 00000006 96 73 f2 29 e1 38 6a d0 46 43 salt 00000010 67 09 69 45 49 3f 4d 42 fe 4d 61 29 b0 67 50 b3 00000020 c8 9f 0f 21 40 93 00000026 bb 77 fb 75 ef bc ba f9 75 48 .w.u....uH 00000030 37 f8 eb 7e b0 44 a4 09 28 e1 ad 99 39 d0 72 23 7..~.D..(...9.r# 00000040 c2 30 55 67 a6 35 e7 dc 9f 68 ea ad b4 c4 fa 71 .0Ug.5...h.....q 00000050 7a 96 6b 12 22 b2 13 da 27 e3 91 d6 ad 9b 65 2d z.k."...'.....e- 00000060 4d da 31 5b 69 13 8e 71 b0 12 2b a0 15 ce a0 96 M.1[i..q..+..... 00000070 9d ea a4 20 ... ``` ### Decrypt ```text $ sq decrypt --dump-session-key --recipient-file alice.sec enc.pgp Session key: 8DDA27B9B000BD84D0A39DFF66780111 Encrypted using AES-128 Compressed using ZIP hello world ``` Inspecting the packets inside the SEIPD container: ```text $ sq decrypt --dump --recipient-file alice.sec enc.pgp Public-Key Encrypted Session Key Packet, new CTB, 93 bytes Version: 6 Recipient: C0A58384A438E5A14F73712426A4D45DBAEEF4A39E6B30B09D5513F978ACCA94 Pk algo: X25519 Encrypted using AES-128 Compressed using ZIP hello world Sym. Encrypted and Integrity Protected Data Packet, new CTB, 114 bytes │ Version: 2 │ Symmetric algo: AES-128 │ AEAD algo: EAX │ Chunk size: 4096 │ Salt: 9673F229E1386AD0464367096945493F4D42FE4D6129B06750B3C89F0F214093 │ └── Compressed Data Packet, new CTB, 44 bytes │ Algorithm: ZIP │ ├── Literal Data Packet, new CTB, 18 bytes │ Format: Binary data │ └── Padding Packet, new CTB, 14 bytes Unknown variant ```