mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-30 11:32:07 +01:00
612 B
612 B
(decryption_chapter)=
Decryption
:class: warning
- using expired certificate?
- using revoked certificate?
- using expired subkey?
- using revoked subkey?
Advanced topics
Selecting decryption key
- Trying PKESKs until one works out
- consider "smart" strategies
additional wrinkle: hidden intended decryption key (gnupg --throw-keyid
)
also see:
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#pkesk-notes
An implementation MAY accept or use a Key ID of all zeros, or an omitted key fingerprint, to hide the intended decryption key