diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..eb788aa
Binary files /dev/null and b/.DS_Store differ
diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md
index 29b2fef..5984eef 100644
--- a/book/source/04-certificates.md
+++ b/book/source/04-certificates.md
@@ -1,7 +1,7 @@
(certificates_chapter)=
# Certificates
-OpenPGP fundamentally hinges on the concept of "OpenPGP certificates," often referred to as "OpenPGP keys." These certificates are complex data structures essential for identity verification, data encryption, and digital signatures. Understanding their structure and functionality is pivotal for effective application of the OpenPGP standard.
+OpenPGP fundamentally hinges on the concept of "OpenPGP certificates," also known as "OpenPGP keys." These certificates are complex data structures essential for identity verification, data encryption, and digital signatures. Understanding their structure and function is pivotal to effectively applying the OpenPGP standard.
## Terminology: Understanding "keys"
@@ -27,54 +27,58 @@ For detailed insights on structure and handling, refer to our chapters on OpenPG
An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number of elements[^packets]:
-[^packets]: In technical terms, the elements of an OpenPGP certificate are a collection "packets". Each component key and identity component is internally represented as one packet. The other common type of element is "signature" packets, which link the components of a certificate together.
+[^packets]: In technical terms, the elements of an OpenPGP certificate are a collection of "packets." Each component key and identity component is internally represented as a packet. Another common type of packet is the "signature" packet, which connect the components of a certificate.
-- Component OpenPGP keys,
-- Identity components,
-- Other metadata (this includes connections between the certificate's components).
+- Component keys
+- Identity components
+- Additional metadata, including connections between the certificate's components
We sometimes collectively refer to component keys and identity information as "the components of a certificate."
+```{admonition} Warning
+Please clarify who "we" is in this statement.
+```
+
```{figure} diag/OpenPGP_Certificate.png
Typical components in an OpenPGP certificate
```
-All elements in an OpenPGP certificate are structured around one central component: the *OpenPGP primary key*. The primary key acts as a personal CA for the certificate's owner: It can make cryptographic statements about subkeys, identities, expiration, revocation, ...
+Every element in an OpenPGP certificate revolves around a central component: the *OpenPGP primary key*. The primary key acts as a personal CA (Certification Authority) for the certificate's owner, enabling cryptographic statements regarding subkeys, identities, expiration, revocation, and more.
```{note}
-OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
+OpenPGP certificates tend to have a long lifespan, with the potential for modifications (typically by their owner) over time. Components may be added or invalidated throughout a certificate's lifetime.
```
### OpenPGP component keys
-An OpenPGP certificate usually contains multiple OpenPGP component keys.
+An OpenPGP certificate usually contains multiple component keys.
-OpenPGP component keys consist of an [asymmetric cryptographic keypair](asymmetric_key_pair) and a creation timestamp. These attributes of a component key cannot be changed after creation (in the case of ECDH keys, two additional parameters are part of a component key's constituting data[^ecdh-paramters]).
+OpenPGP component keys consist of an [asymmetric cryptographic keypair](asymmetric_key_pair) and a creation timestamp. Once created, these attributes of a component key remain fixed (for ECDH keys, two additional parameters are part of a component key's constitutive data[^ecdh-parameters]).
-[^ecdh-paramters]: For [ECDH](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-algorithm-specific-part-for-ecd) component keys, two additional algorithm parameters are part of the component key's constituting and immutable properties. Those parameters define a hash function and a symmetric encryption algorithm.
+[^ecdh-parameters]: For [ECDH](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-algorithm-specific-part-for-ecd) component keys, two additional algorithm parameters are integral to the component key's constitutive and immutable properties. Those parameters specify a hash function and a symmetric encryption algorithm.
```{figure} diag/Component_Key.svg
An OpenPGP component key
```
-Component key representations that include private key material also contain metadata that specifies the password protection scheme for the private key material.
+Component keys containing private key material also contain metadata that specifies the password protection scheme for the private key material.
-For each OpenPGP component key, an *OpenPGP fingerprint* can be derived from the combination of the public key material and creation timestamp (and ECDH parameters, if applicable).
+For each OpenPGP component key, an *OpenPGP fingerprint* can be generated. This fingerprint is derived from the combination of the public key material and creation timestamp (and ECDH parameters, if applicable).
```{figure} diag/Fingerprint.png
-Every OpenPGP component key can be named by a fingerprint
+Every OpenPGP component key is identifiable by a unique fingerprint.
```
-The fingerprint of our example component OpenPGP key is `AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3` [^keyid].
+The fingerprint of our example OpenPGP component key is `AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3` [^keyid].
-[^keyid]: In OpenPGP version 4, the rightmost 64 bit were sometimes used as a shorter identifier, called "Key ID".
-E.g., an OpenPGP version 4 certificate with the fingerprint `B3D2 7B09 FBA4 1235 2B41 8972 C8B8 6AC4 2455 4239` might be referred to by the 64 bit Key ID `C8B8 6AC4 2455 4239` or styled as `0xC8B86AC424554239`.
-Historically, even shorter 32 bit identifiers have sometimes been used, like this: `2455 4239`, or `0x24554239`. You may still see such identifiers in very old documents about PGP. However, 32 bit identifiers have [been unfit for purpose for a long time](https://evil32.com/). At some point, 32 bit identifiers were called "short Key ID", while 64 bit identifiers were called "long Key ID".
+[^keyid]: In OpenPGP version 4, the rightmost 64 bits were sometimes used as a shorter identifier, called "Key ID."
+For example, an OpenPGP version 4 certificate with the fingerprint `B3D2 7B09 FBA4 1235 2B41 8972 C8B8 6AC4 2455 4239` might be referenced by the 64-bit Key ID `C8B8 6AC4 2455 4239` or formatted as `0xC8B86AC424554239`.
+Historically, even shorter 32-bit identifiers were used, like this: `2455 4239`, or `0x24554239`. Such identifiers still appear in very old documents about PGP. However, [32-bit identifiers have been long deemed unfit for purpose](https://evil32.com/). At one point, 32-bit identifiers were called "short Key ID," while 64-bit identifiers were referred to as "long Key ID."
-Component keys are used in one of two roles: either as "OpenPGP primary key," or as an "OpenPGP subkey".
+Component keys serve in one of two roles: either as an "OpenPGP primary key" or as an "OpenPGP subkey."
#### Primary key
diff --git a/book/source/diag/fingerprint.png b/book/source/diag/fingerprint.png
index b462264..dd54dc8 100644
Binary files a/book/source/diag/fingerprint.png and b/book/source/diag/fingerprint.png differ
diff --git a/book/source/diag/fingerprint.svg b/book/source/diag/fingerprint.svg
index ee1eb35..dbdacdf 100644
--- a/book/source/diag/fingerprint.svg
+++ b/book/source/diag/fingerprint.svg
@@ -1,125 +1,304 @@
-
-
+ id="layer5"
+ inkscape:label="Chapter 4"
+ inkscape:highlight-color="#baa600"
+ transform="translate(-811.81226,-1223.9908)">Fingerprint of an OpenPGP
component key - key creation timeComponent KeyC0A5 8384 A438 E5A1 4F73 7124 26A4 D45DBAEE F4A3 9E6B 30B0 9D55 13F9 78AC CA94Fingerprint