mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
c1e6630f9f
Move legacy "SED" mode from "encrypt" to "decrypt" chapter
708 B
708 B
(decryption_chapter)=
Decryption
:class: warning
- using expired certificate?
- using revoked certificate?
- using expired subkey?
- using revoked subkey?
SEIPD w/ AEAD (v2)
SEIPD (v1)
SED
Legacy mode, may be decrypted, but not produced.
Advanced topics
Selecting decryption key
- Trying PKESKs until one works out
- consider "smart" strategies
additional wrinkle: hidden intended decryption key (gnupg --throw-keyid
)
also see:
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#pkesk-notes
An implementation MAY accept or use a Key ID of all zeros, or an omitted key fingerprint, to hide the intended decryption key