29. Zooming in: Packet structure of encrypted data

29.1. SEIPD v2

29.1.1. Encrypt

We encrypt a short message to Alice, using a public certificate version of Alice’s OpenPGP key:

$ echo "hello world" | sq encrypt --recipient-file alice.pub

This produces an ASCII armored encrypted message:

-----BEGIN PGP MESSAGE-----

wV0GIQbApYOEpDjloU9zcSQmpNRduu70o55rMLCdVRP5eKzKlBkxYaQzuusD78oj
AdiGwQ8MI8sSAXAV4AEMKIcbINqhIBgSm5EV9h+Yl/XV3fEZ1JOaBnrtso2ZAS7S
cgIHAQaWc/Ip4Thq0EZDZwlpRUk/TUL+TWEpsGdQs8ifDyFAk7t3+3XvvLr5dUg3
+Ot+sESkCSjhrZk50HIjwjBVZ6Y159yfaOqttMT6cXqWaxIishPaJ+OR1q2bZS1N
2jFbaROOcbASK6AVzqCWneqkIA==
=WFpq
-----END PGP MESSAGE-----

29.1.2. Inspect the packet dump of the encrypted message

Inspecting the packets of this message, we see:

$ sq packet dump --hex enc.pgp
Public-Key Encrypted Session Key Packet, new CTB, 2 header bytes + 93 bytes
    Version: 6
    Recipient: C0A58384A438E5A14F73712426A4D45DBAEEF4A39E6B30B09D5513F978ACCA94
    Pk algo: X25519

    00000000  c1                                                 CTB
    00000001     5d                                              length
    00000002        06                                           version
    00000003           21                                        recipient_len
    00000004              06                                     recipient_version
    00000005                 c0 a5 83  84 a4 38 e5 a1 4f 73 71   recipient
    00000010  24 26 a4 d4 5d ba ee f4  a3 9e 6b 30 b0 9d 55 13
    00000020  f9 78 ac ca 94
    00000025                 19                                  pk_algo
    00000026                    31 61  a4 33 ba eb 03 ef ca 23   x25519_e
    00000030  01 d8 86 c1 0f 0c 23 cb  12 01 70 15 e0 01 0c 28
    00000040  87 1b 20 da a1 20
    00000046                    18                               x25519_esk_len
    00000047                       12  9b 91 15 f6 1f 98 97 f5   x25519_esk
    00000050  d5 dd f1 19 d4 93 9a 06  7a ed b2 8d 99 01 2e

Sym. Encrypted and Integrity Protected Data Packet, new CTB, 2 header bytes + 114 bytes
    Version: 2
    Symmetric algo: AES-128
    AEAD algo: EAX
    Chunk size: 4096
    Salt: 9673F229E1386AD0464367096945493F4D42FE4D6129B06750B3C89F0F214093
    No session key supplied

    00000000  d2                                                 CTB
    00000001     72                                              length
    00000002        02                                           version
    00000003           07                                        sym_algo
    00000004              01                                     aead_algo
    00000005                 06                                  chunk_size
    00000006                    96 73  f2 29 e1 38 6a d0 46 43   salt
    00000010  67 09 69 45 49 3f 4d 42  fe 4d 61 29 b0 67 50 b3
    00000020  c8 9f 0f 21 40 93
    00000026                    bb 77  fb 75 ef bc ba f9 75 48         .w.u....uH
    00000030  37 f8 eb 7e b0 44 a4 09  28 e1 ad 99 39 d0 72 23   7..~.D..(...9.r#
    00000040  c2 30 55 67 a6 35 e7 dc  9f 68 ea ad b4 c4 fa 71   .0Ug.5...h.....q
    00000050  7a 96 6b 12 22 b2 13 da  27 e3 91 d6 ad 9b 65 2d   z.k."...'.....e-
    00000060  4d da 31 5b 69 13 8e 71  b0 12 2b a0 15 ce a0 96   M.1[i..q..+.....
    00000070  9d ea a4 20                                        ...

29.1.3. Decrypt

$ sq decrypt --dump-session-key --recipient-file alice.sec enc.pgp
Session key: 8DDA27B9B000BD84D0A39DFF66780111
Encrypted using AES-128
Compressed using ZIP
hello world

Inspecting the packets inside the SEIPD container:

$ sq decrypt --dump --recipient-file alice.sec enc.pgp
Public-Key Encrypted Session Key Packet, new CTB, 93 bytes
    Version: 6
    Recipient: C0A58384A438E5A14F73712426A4D45DBAEEF4A39E6B30B09D5513F978ACCA94
    Pk algo: X25519

Encrypted using AES-128
Compressed using ZIP
hello world
Sym. Encrypted and Integrity Protected Data Packet, new CTB, 114 bytes
│   Version: 2
│   Symmetric algo: AES-128
│   AEAD algo: EAX
│   Chunk size: 4096
│   Salt: 9673F229E1386AD0464367096945493F4D42FE4D6129B06750B3C89F0F214093
│
└── Compressed Data Packet, new CTB, 44 bytes
    │   Algorithm: ZIP
    │
    ├── Literal Data Packet, new CTB, 18 bytes
    │       Format: Binary data
    │
    └── Padding Packet, new CTB, 14 bytes
            Unknown variant