


postgresql

6th chunk of `doc/src/sgml/pgcrypto.sgml`
 much faster than the above
    numbers suggest, while a 6-character non-word-like password may escape
    cracking.  Or not.
   </para>
  </sect3>
 </sect2>

 <sect2 id="pgcrypto-pgp-enc-funcs">
  <title>PGP Encryption Functions</title>

  <para>
   The functions here implement the encryption part of the OpenPGP
   (<ulink url="https://datatracker.ietf.org/doc/html/rfc4880">RFC 4880</ulink>)
   standard.  Supported are both symmetric-key and public-key encryption.
  </para>

  <para>
   An encrypted PGP message consists of 2 parts, or <firstterm>packets</firstterm>:
  </para>
  <itemizedlist>
   <listitem>
    <para>
     Packet containing a session key &mdash; either symmetric-key or public-key
     encrypted.
    </para>
   </listitem>
   <listitem>
    <para>
     Packet containing data encrypted with the session key.
    </para>
   </listitem>
  </itemizedlist>

  <para>
   When encrypting with a symmetric key (i.e., a password):
  </para>
  <orderedlist>
   <listitem>
    <para>
     The given password is hashed using a String2Key (S2K) algorithm.  This is
     rather similar to <function>crypt()</function> algorithms &mdash; purposefully
     slow and with random salt &mdash; but it produces a full-length binary
     key.
    </para>
   </listitem>
   <listitem>
    <para>
     If a separate session key is requested, a new random key will be
     generated.  Otherwise the S2K key will be used directly as the session
     key.
    </para>
   </listitem>
   <listitem>
    <para>
     If the S2K key is to be used directly, then only S2K settings will be put
     into the session key packet.  Otherwise the session key will be encrypted
     with the S2K key and put into the session key packet.
    </para>
   </listitem>
  </orderedlist>

  <para>
   When encrypting with a public key:
  </para>
  <orderedlist>
   <listitem>
    <para>
     A new random session key is generated.
    </para>
   </listitem>
   <listitem>
    <para>
     It is encrypted using the public key and put into the session key packet.
    </para>
   </listitem>
  </orderedlist>

  <para>
   In either case the data to be encrypted is processed as follows:
  </para>
  <orderedlist>
   <listitem>
    <para>
     Optional data-manipulation: compression, conversion to UTF-8,
     and/or conversion of line-endings.
    </para>
   </listitem>
   <listitem>
    <para>
     The data is prefixed with a block of random bytes.  This is equivalent
     to using a random IV.
    </para>
   </listitem>
   <listitem>
    <para>
     A SHA-1 hash of the random prefix and data is appended.
    </para>
   </listitem>
   <listitem>
    <para>
     All this is encrypted with the session key and placed in the data packet.
    </para>
   </listitem>
  </orderedlist>
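
  <para>
   The password-to-key step and the data-packet plaintext described above can
   be traced in the following added example, which is not part of the
   PostgreSQL documentation or the pgcrypto source.  It follows the iterated
   and salted S2K of RFC 4880 section 3.7.1.3 and the prefix-plus-SHA-1 layout
   of section 5.13; the function names and sample inputs are constructed, and
   the encryption with the session key is left out.
  </para>

```python
import hashlib, hmac, os

def decode_count(c: int) -> int:
    """RFC 4880 3.7.1.3: one coded octet -> number of octets to hash."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k_key(password: bytes, salt: bytes, c: int, key_len: int) -> bytes:
    """Iterated and salted S2K with SHA-1; returns a key_len-byte binary key."""
    unit = salt + password
    count = max(decode_count(c), len(unit))   # always hash the unit at least once
    full, rem = divmod(count, len(unit))
    stream = unit * full + unit[:rem]
    key, preload = b"", 0
    while len(key) < key_len:                 # extra contexts for keys > 20 bytes,
        key += hashlib.sha1(b"\x00" * preload + stream).digest()
        preload += 1                          # each preloaded with one more zero octet
    return key[:key_len]

MDC_HEADER = b"\xd3\x14"   # MDC packet tag and length (20-byte SHA-1)

def build_body(packets: bytes, block_size: int = 16) -> bytes:
    """Plaintext of the data packet before encryption with the session key."""
    prefix = os.urandom(block_size)           # plays the role of a random IV
    head = prefix + prefix[-2:] + packets + MDC_HEADER
    return head + hashlib.sha1(head).digest()

def check_body(body: bytes, block_size: int = 16) -> bytes:
    """Verify the appended SHA-1 after decryption and return the inner packets."""
    if len(body) < block_size + 2 + len(MDC_HEADER) + 20:
        raise ValueError("body too short")
    head, digest = body[:-20], body[-20:]
    ok = head.endswith(MDC_HEADER) and hmac.compare_digest(
        hashlib.sha1(head).digest(), digest)
    if not ok:
        raise ValueError("modification detected")
    return head[block_size + 2:-len(MDC_HEADER)]

if __name__ == "__main__":
    salt = os.urandom(8)                      # S2K salt is 8 octets
    key = s2k_key(b"constructed-password", salt, 96, 32)
    print("count:", decode_count(96), "key:", key.hex())
    body = build_body(b"constructed literal data")
    print("recovered:", check_body(body))
```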

  <sect3 id="pgcrypto-pgp-enc-funcs-pgp-sym-encrypt">
   <title><function>pgp_sym_encrypt()</function></title>

   <indexterm>
    <primary>pgp_sym_encrypt</primary>
   </indexterm>

   <indexterm>
    <primary>pgp_sym_encrypt_bytea</primary>
   </indexterm>

<synopsis>
pgp_sym_encrypt(data text, psw text [, options text ]) returns bytea
pgp_sym_encrypt_bytea(data bytea, psw text [, options text ]) returns bytea
</synopsis>
   <para>
    Encrypt <parameter>data</parameter> with a symmetric PGP key <parameter>psw</parameter>.
    The <parameter>options</parameter> parameter can contain option settings,
    as described below.
   </para>
  </sect3>

  <sect3 id="pgcrypto-pgp-enc-funcs-pgp-sym-decrypt">
   <title><function>pgp_sym_decrypt()</function></title>

   <indexterm>
    <primary>pgp_sym_decrypt</primary>
   </indexterm>

   <indexterm>
    <primary>pgp_sym_decrypt_bytea</primary>
   </indexterm>

<synopsis>
pgp_sym_decrypt(msg bytea, psw text [, options text ]) returns text
pgp_sym_decrypt_bytea(msg bytea, psw text [, options text ]) returns bytea
</synopsis>
   <para>
    Decrypt a symmetric-key-encrypted PGP message.
   </para>
   <para>
    Decrypting <type>bytea</type> data with <function>pgp_sym_decrypt</function>

Title: PGP Encryption Functions
Summary
The document describes the PGP encryption functions, which support both symmetric-key and public-key encryption. It explains how an encrypted PGP message is structured as two packets: one for the session key and one for the data. It also details the encryption process, including password hashing, session key generation, and data manipulation, and introduces the functions for symmetric encryption and decryption, pgp_sym_encrypt() and pgp_sym_decrypt().