openpgp-notes/book/source/11-decryption.md

<!--
SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project
SPDX-License-Identifier: CC-BY-SA-4.0
-->

(decryption_chapter)=
# Decryption

```{admonition} TODO
:class: warning

  - using expired certificate?
  - using revoked certificate?
  - using expired subkey?
  - using revoked subkey?
```

## SEIPD w/ AEAD (v2)

## SEIPD (v1)

## SED

Legacy mode, may be decrypted, but not produced.

## Advanced topics

### Selecting decryption key

- Trying PKESKs until one works out
- consider "smart" strategies

additional wrinkle: hidden intended decryption key (`gnupg --throw-keyid`)
 
also see:

https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#pkesk-notes

> An implementation MAY accept or use a Key ID of all zeros, or an omitted key fingerprint, to hide the intended decryption key