mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-24 00:22:05 +01:00
121e352b59
Signed-off-by: David Runge <dave@sleepmap.de>
39 lines
No EOL
816 B
Markdown
39 lines
No EOL
816 B
Markdown
<!--
|
|
SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project
|
|
SPDX-License-Identifier: CC-BY-SA-4.0
|
|
-->
|
|
|
|
(decryption_chapter)=
|
|
# Decryption
|
|
|
|
```{admonition} TODO
|
|
:class: warning
|
|
|
|
- using expired certificate?
|
|
- using revoked certificate?
|
|
- using expired subkey?
|
|
- using revoked subkey?
|
|
```
|
|
|
|
## SEIPD w/ AEAD (v2)
|
|
|
|
## SEIPD (v1)
|
|
|
|
## SED
|
|
|
|
Legacy mode, may be decrypted, but not produced.
|
|
|
|
## Advanced topics
|
|
|
|
### Selecting decryption key
|
|
|
|
- Trying PKESKs until one works out
|
|
- consider "smart" strategies
|
|
|
|
additional wrinkle: hidden intended decryption key (`gnupg --throw-keyid`)
|
|
|
|
also see:
|
|
|
|
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#pkesk-notes
|
|
|
|
> An implementation MAY accept or use a Key ID of all zeros, or an omitted key fingerprint, to hide the intended decryption key |