mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-23 08:02:05 +01:00
1.5 KiB
1.5 KiB
(encryption_chapter)=
Encryption
Encryption is one of the core facilities of OpenPGP. It provides confidentiality.
High-Level overview of the message encryption process
Core concept:
- The plaintext is encrypted with a symmetric "session key."
- The "session key" itself is stored in encrypted form, possibly multiple times:
- The session key is encrypted to the encryption keys of each intended recipient of the message.
- Alternatively, or additionally, the session key may be encrypted using a passphrase (this mode of operation doesn't require any OpenPGP certificates.)
Generations of encryption
(SEIPDv2)=
SEIPD w/ AEAD (v2)
SEIPD (v1)
Advanced topics
Encrypt for multiple/single subkey per certificate?
"Negotiating" algorithms based on recipients preference subpackets
Prevent "downgrade" -> Policy
Implications of how a recipient cert is "addressed" (fingerprint/key-ID vs. user-ID) (preferences, expiration, revocation)
AEAD modes: GCM
:class: warning
Produce text around discussion: https://mailarchive.ietf.org/arch/msg/openpgp/ZTYD5VJsG1k2jJBbn5zIAf5o7d4/
Zooming in: Packet structure
Encryption yields a 'wrapped' openpgp packet stream
SKESK
Also see https://flowcrypt.com/docs/guide/send-and-receive/send-password-protected-emails.html