From 5ce162b7f11465798bfcb7c17e2470c99ec50b11 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sun, 19 Nov 2023 23:15:29 +0100 Subject: [PATCH] ch5: diagram notes --- book/source/05-private.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/book/source/05-private.md b/book/source/05-private.md index 87c7c11..3917324 100644 --- a/book/source/05-private.md +++ b/book/source/05-private.md @@ -119,6 +119,23 @@ OpenPGP card devices do not store the full OpenPGP certificate. Instead, they ha [^missing-ecdh]: In the case of ECDH keys, the KDF parameters (hash function ID and a symmetric encryption algorithm ID) are not stored on the OpenPGP card. This is considered a flaw in the OpenPGP card specification. These missing parameters can be handled in two ways, by OpenPGP software running on the host computer: Either by consulting a copy of the component key (e.g. by inspecting a copy of the certificate), or by deducing the missing KDF parameters from the OpenPGP fingerprint that is stored on the card. +## What a private key store does + +```{admonition} TODO +:class: warning + +write +``` + +```{admonition} VISUAL +:class: warning + +show examples for the operations in a private key store. + +- re-use the visual elements of the lowest level in the ch6 "how signatures are made" diagram (ch 6): "making a cryptographic signature from a hash digest" +- analogous: once we have a visual for the low level asymmetric decryption operation (in ch11), mirror it here +``` + ## Advanced topics ### TSKs: Best practices S2K + S2K migration?
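Review bot: The new "## What a private key store does" section has no body other than a `TODO` admonition reading "write", so once this lands the rendered chapter shows a heading followed by an empty warning box right before "## Advanced topics". Either add at least a one-paragraph description of what the section will cover (the operations the `VISUAL` admonition already names: signing a hash digest and the low-level asymmetric decryption) so the heading is not empty, or keep the section in a comment until it is written. In the `VISUAL` admonition, the first bullet names the chapter twice ("the ch6 ... diagram (ch 6)"); drop one of them, and consider making the ch6 and ch11 references explicit cross-links rather than bare chapter numbers so they do not go stale if the chapter order changes.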