rfc9580v10.txt   rfc9580.txt 
skipping to change at line 863 skipping to change at line 863
|Section | | | | | |Section | | | | |
|9.3) | | | | | |9.3) | | | | |
+---------+------------+------------+--------------------------+----+ +---------+------------+------------+--------------------------+----+
|253 |AEAD |params- |AEAD(HKDF(S2K(passphrase),|Yes | |253 |AEAD |params- |AEAD(HKDF(S2K(passphrase),|Yes |
| | |length |info), secrets, | | | | |length |info), secrets, | |
| | |(*v6-only*),|packetprefix) | | | | |(*v6-only*),|packetprefix) | |
| | |cipher-algo,| | | | | |cipher-algo,| | |
| | |AEAD-mode, | | | | | |AEAD-mode, | | |
| | |S2K- | | | | | |S2K- | | |
| | |specifier- | | | | | |specifier- | | |
| | |length (*v6-| | | | | |length | | |
| | |only*),S2K- | | | | | |(*v6-only*),| | |
| | |S2K- | | |
| | |specifier, | | | | | |specifier, | | |
| | |nonce | | | | | |nonce | | |
+---------+------------+------------+--------------------------+----+ +---------+------------+------------+--------------------------+----+
|254 |CFB |params- |CFB(S2K(passphrase), |Yes | |254 |CFB |params- |CFB(S2K(passphrase), |Yes |
| | |length |secrets || SHA1(secrets)) | | | | |length |secrets || SHA1(secrets)) | |
| | |(*v6-only*),| | | | | |(*v6-only*),| | |
| | |cipher-algo,| | | | | |cipher-algo,| | |
| | |S2K- | | | | | |S2K- | | |
| | |specifier- | | | | | |specifier- | | |
| | |length | | | | | |length | | |
skipping to change at line 1180 skipping to change at line 1181
| 6 | Yes | Public Key Packet | PUBKEY | Section | | 6 | Yes | Public Key Packet | PUBKEY | Section |
| | | | | 5.5.1.1 | | | | | | 5.5.1.1 |
+-------+----------+---------------------+-----------+-----------+ +-------+----------+---------------------+-----------+-----------+
| 7 | Yes | Secret Subkey | SECSUBKEY | Section | | 7 | Yes | Secret Subkey | SECSUBKEY | Section |
| | | Packet | | 5.5.1.4 | | | | Packet | | 5.5.1.4 |
+-------+----------+---------------------+-----------+-----------+ +-------+----------+---------------------+-----------+-----------+
| 8 | Yes | Compressed Data | COMP | Section | | 8 | Yes | Compressed Data | COMP | Section |
| | | Packet | | 5.6 | | | | Packet | | 5.6 |
+-------+----------+---------------------+-----------+-----------+ +-------+----------+---------------------+-----------+-----------+
| 9 | Yes | Symmetrically | SED | Section | | 9 | Yes | Symmetrically | SED | Section |
| | | Encrypted Data | | 5.6 | | | | Encrypted Data | | 5.7 |
| | | Packet | | | | | | Packet | | |
+-------+----------+---------------------+-----------+-----------+ +-------+----------+---------------------+-----------+-----------+
| 10 | Yes | Marker Packet | MARKER | Section | | 10 | Yes | Marker Packet | MARKER | Section |
| | | | | 5.8 | | | | | | 5.8 |
+-------+----------+---------------------+-----------+-----------+ +-------+----------+---------------------+-----------+-----------+
| 11 | Yes | Literal Data Packet | LIT | Section | | 11 | Yes | Literal Data Packet | LIT | Section |
| | | | | 5.8 | | | | | | 5.9 |
+-------+----------+---------------------+-----------+-----------+ +-------+----------+---------------------+-----------+-----------+
| 12 | Yes | Trust Packet | TRUST | Section | | 12 | Yes | Trust Packet | TRUST | Section |
| | | | | 5.10 | | | | | | 5.10 |
+-------+----------+---------------------+-----------+-----------+ +-------+----------+---------------------+-----------+-----------+
| 13 | Yes | User ID Packet | UID | Section | | 13 | Yes | User ID Packet | UID | Section |
| | | | | 5.11 | | | | | | 5.11 |
+-------+----------+---------------------+-----------+-----------+ +-------+----------+---------------------+-----------+-----------+
| 14 | Yes | Public Subkey | PUBSUBKEY | Section | | 14 | Yes | Public Subkey | PUBSUBKEY | Section |
| | | Packet | | 5.5.1.2 | | | | Packet | | 5.5.1.2 |
+-------+----------+---------------------+-----------+-----------+ +-------+----------+---------------------+-----------+-----------+
skipping to change at line 2586 skipping to change at line 2587
Revocation signatures. It describes the reason why the key or Revocation signatures. It describes the reason why the key or
certification was revoked. certification was revoked.
The first octet contains a machine-readable code that denotes the The first octet contains a machine-readable code that denotes the
reason for the revocation: reason for the revocation:
+=========+========================================+ +=========+========================================+
| Code | Reason | | Code | Reason |
+=========+========================================+ +=========+========================================+
| 0 | No reason specified (Key Revocation or | | 0 | No reason specified (Key Revocation or |
| | Certificate Revocation signatures) | | | Certification Revocation signatures) |
+---------+----------------------------------------+ +---------+----------------------------------------+
| 1 | Key is superseded (Key Revocation | | 1 | Key is superseded (Key Revocation |
| | signatures) | | | signatures) |
+---------+----------------------------------------+ +---------+----------------------------------------+
| 2 | Key material has been compromised (Key | | 2 | Key material has been compromised (Key |
| | Revocation signatures) | | | Revocation signatures) |
+---------+----------------------------------------+ +---------+----------------------------------------+
| 3 | Key is retired and no longer used (Key | | 3 | Key is retired and no longer used (Key |
| | Revocation signatures) | | | Revocation signatures) |
+---------+----------------------------------------+ +---------+----------------------------------------+
skipping to change at line 3868 skipping to change at line 3869
implementation. implementation.
Trust packets SHOULD NOT be emitted to output streams that are Trust packets SHOULD NOT be emitted to output streams that are
transferred to other users, and they SHOULD be ignored on any input transferred to other users, and they SHOULD be ignored on any input
other than local keyring files. other than local keyring files.
5.11. User ID Packet (Type ID 13) 5.11. User ID Packet (Type ID 13)
A User ID packet consists of UTF-8 text that is intended to represent A User ID packet consists of UTF-8 text that is intended to represent
the name and email address of the keyholder. By convention, it the name and email address of the keyholder. By convention, it
includes a mail name-addr as described in [RFC2822], but there are no includes a mail name-addr as described in [RFC5322], but there are no
restrictions on its content. The packet length in the header restrictions on its content. The packet length in the header
specifies the length of the User ID. specifies the length of the User ID.
5.12. User Attribute Packet (Type ID 17) 5.12. User Attribute Packet (Type ID 17)
The User Attribute packet is a variation of the User ID packet. It The User Attribute packet is a variation of the User ID packet. It
is capable of storing more types of data than the User ID packet, is capable of storing more types of data than the User ID packet,
which is limited to text. Like the User ID packet, a User Attribute which is limited to text. Like the User ID packet, a User Attribute
packet may be certified by the key owner ("self-signed") or any other packet may be certified by the key owner ("self-signed") or any other
key owner who cares to certify it. Except as noted, a User Attribute key owner who cares to certify it. Except as noted, a User Attribute
skipping to change at line 4894 skipping to change at line 4895
+----------------+--------+------------+-------+---------+----------+ +----------------+--------+------------+-------+---------+----------+
|brainpoolP384r1 |SEC1 |integer |N/A |N/A |N/A | |brainpoolP384r1 |SEC1 |integer |N/A |N/A |N/A |
+----------------+--------+------------+-------+---------+----------+ +----------------+--------+------------+-------+---------+----------+
|brainpoolP512r1 |SEC1 |integer |N/A |N/A |N/A | |brainpoolP512r1 |SEC1 |integer |N/A |N/A |N/A |
+----------------+--------+------------+-------+---------+----------+ +----------------+--------+------------+-------+---------+----------+
|Ed25519Legacy |N/A |N/A |32 |32 octets|32 octets | |Ed25519Legacy |N/A |N/A |32 |32 octets|32 octets |
| | | |octets |of R |of S | | | | |octets |of R |of S |
| | | |of | | | | | | |of | | |
| | | |secret | | | | | | |secret | | |
+----------------+--------+------------+-------+---------+----------+ +----------------+--------+------------+-------+---------+----------+
|Curve25519Legacy|prefixed|integer (see|N/A |N/A |N/A | |Curve25519Legacy|prefixed|integer |N/A |N/A |N/A |
| |native |Section | | | | | |native |(Section | | | |
| | |5.5.5.6.1.1)| | | | | | |5.5.5.6.1.1)| | | |
+----------------+--------+------------+-------+---------+----------+ +----------------+--------+------------+-------+---------+----------+
Table 20: OpenPGP ECC Curve-Specific Wire Formats Registry Table 20: OpenPGP ECC Curve-Specific Wire Formats Registry
For the native octet-string forms of Ed25519Legacy values, see For the native octet-string forms of Ed25519Legacy values, see
[RFC8032]. For the native octet-string forms of Curve25519Legacy [RFC8032]. For the native octet-string forms of Curve25519Legacy
secret scalars and points, see [RFC7748]. secret scalars and points, see [RFC7748].
9.3. Symmetric Key Algorithms 9.3. Symmetric Key Algorithms
+=========+=============================================+ +=========+============================================+
| ID | Algorithm | | ID | Algorithm |
+=========+=============================================+ +=========+============================================+
| 0 | Plaintext or unencrypted data | | 0 | Plaintext or unencrypted data |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 1 | IDEA [IDEA] | | 1 | IDEA [IDEA] |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 2 | TripleDES (or DES-EDE) [SP800-67] with | | 2 | TripleDES (or DES-EDE) [SP800-67] with |
| | 168-bit key derived from 192 | | | 168-bit key derived from 192 |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 3 | CAST5 with 128-bit key [RFC2144] | | 3 | CAST5 with 128-bit key [RFC2144] |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 4 | Blowfish with 128-bit key, 16 rounds | | 4 | Blowfish with 128-bit key, 16 rounds |
| | [BLOWFISH] | | | [BLOWFISH] |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 5 | Reserved | | 5 | Reserved |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 6 | Reserved | | 6 | Reserved |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 7 | AES with 128-bit key [AES] | | 7 | AES with 128-bit key [AES] |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 8 | AES with 192-bit key | | 8 | AES with 192-bit key |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 9 | AES with 256-bit key | | 9 | AES with 256-bit key |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 10 | Twofish with 256-bit key [TWOFISH] | | 10 | Twofish with 256-bit key [TWOFISH] |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 11 | Camellia with 128-bit key [RFC3713] | | 11 | Camellia with 128-bit key [RFC3713] |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 12 | Camellia with 192-bit key | | 12 | Camellia with 192-bit key |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 13 | Camellia with 256-bit key | | 13 | Camellia with 256-bit key |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 100-110 | Private or Experimental Use | | 100-110 | Private or Experimental Use |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
| 253-255 | Reserved to avoid collision with Secret Key | | 253-255 | Reserved to avoid collision with Secret |
| | Encryption (See Table 2 and Section 5.5.3) | | | Key Encryption (Table 2 and Section 5.5.3) |
+---------+---------------------------------------------+ +---------+--------------------------------------------+
Table 21: OpenPGP Symmetric Key Algorithms Registry Table 21: OpenPGP Symmetric Key Algorithms Registry
Implementations MUST implement AES-128. Implementations SHOULD Implementations MUST implement AES-128. Implementations SHOULD
implement AES-256. Implementations MUST NOT encrypt data with IDEA, implement AES-256. Implementations MUST NOT encrypt data with IDEA,
TripleDES, or CAST5. Implementations MAY decrypt data that uses TripleDES, or CAST5. Implementations MAY decrypt data that uses
IDEA, TripleDES, or CAST5 for the sake of reading older messages or IDEA, TripleDES, or CAST5 for the sake of reading older messages or
new messages from implementations predating support for [RFC2440]. new messages from implementations predating support for [RFC2440].
An Implementation that decrypts data using IDEA, TripleDES, or CAST5 An Implementation that decrypts data using IDEA, TripleDES, or CAST5
SHOULD generate a deprecation warning about the symmetric algorithm, SHOULD generate a deprecation warning about the symmetric algorithm,
indicating that message confidentiality is suspect. Implementations indicating that message confidentiality is suspect. Implementations
MAY implement any other algorithm. MAY implement any other algorithm.
skipping to change at line 5823 skipping to change at line 5824
* The 1-octet algorithm identifier, if it was passed (in the case of * The 1-octet algorithm identifier, if it was passed (in the case of
a v3 PKESK packet). a v3 PKESK packet).
* The session key. * The session key.
* A 2-octet checksum of the session key, equal to the sum of the * A 2-octet checksum of the session key, equal to the sum of the
session key octets, modulo 65536. session key octets, modulo 65536.
Then, the above values are padded to an 8-octet granularity using the Then, the above values are padded to an 8-octet granularity using the
method described in [RFC2898]. method described in [RFC8018].
For example, in a version 3 Public Key Encrypted Session Key packet, For example, in a version 3 Public Key Encrypted Session Key packet,
an AES-256 session key is encoded as follows, forming a 40-octet an AES-256 session key is encoded as follows, forming a 40-octet
sequence: sequence:
09 k0 k1 ... k31 s0 s1 05 05 05 05 05 09 k0 k1 ... k31 s0 s1 05 05 05 05 05
The octets k0 to k31 above denote the session key, and the octets s0 The octets k0 to k31 above denote the session key, and the octets s0
and s1 denote the checksum of the session key octets. This encoding and s1 denote the checksum of the session key octets. This encoding
allows the sender to obfuscate the size of the symmetric encryption allows the sender to obfuscate the size of the symmetric encryption
skipping to change at line 7146 skipping to change at line 7147
DOI 10.6028/NIST.FIPS.186-5, February 2023, DOI 10.6028/NIST.FIPS.186-5, February 2023,
<https://nvlpubs.nist.gov/nistpubs/FIPS/ <https://nvlpubs.nist.gov/nistpubs/FIPS/
NIST.FIPS.186-5.pdf>. NIST.FIPS.186-5.pdf>.
[FIPS202] NIST, "SHA-3 Standard: Permutation-Based Hash and [FIPS202] NIST, "SHA-3 Standard: Permutation-Based Hash and
Extendable-Output Functions", FIPS PUB 202, Extendable-Output Functions", FIPS PUB 202,
DOI 10.6028/NIST.FIPS.202, August 2015, DOI 10.6028/NIST.FIPS.202, August 2015,
<https://nvlpubs.nist.gov/nistpubs/fips/ <https://nvlpubs.nist.gov/nistpubs/fips/
nist.fips.202.pdf>. nist.fips.202.pdf>.
[IDEA] Lai, X., "On the Design and Security of Block Ciphers", [IDEA] Lai, X. and J. L. Massey, "A Proposal for a New Block
ETH Series in Information Processing, Vol. 1, Hartung- Encryption Standard", Advances in Cryptology - EUROCRYPT
Gorre Verlag Konstanz, Technische Hochschule (Zurich), '90, Vol. 473, pp. 389-404, DOI 10.1007/3-540-46877-3_35,
Dissertation, January 1992. January 1991, <https://link.springer.com/
chapter/10.1007/3-540-46877-3_35>.
[ISO10646] ISO, "Information technology - Universal coded character [ISO10646] ISO, "Information technology - Universal coded character
set (UCS)", ISO/IEC 10646:2020, December 2020, set (UCS)", ISO/IEC 10646:2020, December 2020,
<https://www.iso.org/standard/76835.html>. <https://www.iso.org/standard/76835.html>.
[JFIF] ITU-T, "Information technology - Digital compression and [JFIF] ITU-T, "Information technology - Digital compression and
coding of continuous-tone still images: JPEG File coding of continuous-tone still images: JPEG File
Interchange Format (JFIF)", Recommendation ITU-T T.871, Interchange Format (JFIF)", Recommendation ITU-T T.871,
May 2011, <https://www.itu.int/rec/T-REC-T.871-201105-I>. May 2011, <https://www.itu.int/rec/T-REC-T.871-201105-I>.
skipping to change at line 7182 skipping to change at line 7184
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC2144] Adams, C., "The CAST-128 Encryption Algorithm", RFC 2144, [RFC2144] Adams, C., "The CAST-128 Encryption Algorithm", RFC 2144,
DOI 10.17487/RFC2144, May 1997, DOI 10.17487/RFC2144, May 1997,
<https://www.rfc-editor.org/info/rfc2144>. <https://www.rfc-editor.org/info/rfc2144>.
[RFC2822] Resnick, P., Ed., "Internet Message Format", RFC 2822,
DOI 10.17487/RFC2822, April 2001,
<https://www.rfc-editor.org/info/rfc2822>.
[RFC2898] Kaliski, B., "PKCS #5: Password-Based Cryptography
Specification Version 2.0", RFC 2898,
DOI 10.17487/RFC2898, September 2000,
<https://www.rfc-editor.org/info/rfc2898>.
[RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler, [RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler,
"MIME Security with OpenPGP", RFC 3156, "MIME Security with OpenPGP", RFC 3156,
DOI 10.17487/RFC3156, August 2001, DOI 10.17487/RFC3156, August 2001,
<https://www.rfc-editor.org/info/rfc3156>. <https://www.rfc-editor.org/info/rfc3156>.
[RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard [RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard
(AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394, (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
September 2002, <https://www.rfc-editor.org/info/rfc3394>. September 2002, <https://www.rfc-editor.org/info/rfc3394>.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
skipping to change at line 7240 skipping to change at line 7233
[RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
for Security", RFC 7748, DOI 10.17487/RFC7748, January for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <https://www.rfc-editor.org/info/rfc7748>. 2016, <https://www.rfc-editor.org/info/rfc7748>.
[RFC8017] Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch, [RFC8017] Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
"PKCS #1: RSA Cryptography Specifications Version 2.2", "PKCS #1: RSA Cryptography Specifications Version 2.2",
RFC 8017, DOI 10.17487/RFC8017, November 2016, RFC 8017, DOI 10.17487/RFC8017, November 2016,
<https://www.rfc-editor.org/info/rfc8017>. <https://www.rfc-editor.org/info/rfc8017>.
[RFC8018] Moriarty, K., Ed., Kaliski, B., and A. Rusch, "PKCS #5:
Password-Based Cryptography Specification Version 2.1",
RFC 8018, DOI 10.17487/RFC8018, January 2017,
<https://www.rfc-editor.org/info/rfc8018>.
[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
Signature Algorithm (EdDSA)", RFC 8032, Signature Algorithm (EdDSA)", RFC 8032,
DOI 10.17487/RFC8032, January 2017, DOI 10.17487/RFC8032, January 2017,
<https://www.rfc-editor.org/info/rfc8032>. <https://www.rfc-editor.org/info/rfc8032>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
 End of changes. 12 change blocks. 
61 lines changed or deleted 59 lines changed or added

This html diff was produced by rfcdiff 1.48.