ch5: diagram notes

Heiko Schaefer 2023-11-19 23:15:29 +01:00
parent a2c2beb73a
commit 5ce162b7f1
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB


@ -119,6 +119,23 @@ OpenPGP card devices do not store the full OpenPGP certificate. Instead, they ha
[^missing-ecdh]: In the case of ECDH keys, the KDF parameters (hash function ID and a symmetric encryption algorithm ID) are not stored on the OpenPGP card. This is considered a flaw in the OpenPGP card specification. These missing parameters can be handled in two ways, by OpenPGP software running on the host computer: Either by consulting a copy of the component key (e.g. by inspecting a copy of the certificate), or by deducing the missing KDF parameters from the OpenPGP fingerprint that is stored on the card. [^missing-ecdh]: In the case of ECDH keys, the KDF parameters (hash function ID and a symmetric encryption algorithm ID) are not stored on the OpenPGP card. This is considered a flaw in the OpenPGP card specification. These missing parameters can be handled in two ways, by OpenPGP software running on the host computer: Either by consulting a copy of the component key (e.g. by inspecting a copy of the certificate), or by deducing the missing KDF parameters from the OpenPGP fingerprint that is stored on the card.
## What a private key store does
```{admonition} TODO
:class: warning
write
```
```{admonition} VISUAL
:class: warning
show examples for the operations in a private key store.
- re-use the visual elements of the lowest level in the ch6 "how signatures are made" diagram (ch 6): "making a cryptographic signature from a hash digest"
- analogous: once we have a visual for the low level asymmetric decryption operation (in ch11), mirror it here
```
## Advanced topics ## Advanced topics
### TSKs: Best practices S2K + S2K migration? ### TSKs: Best practices S2K + S2K migration?
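Review bot: the new `## What a private key store does` section carries only placeholders: the `{admonition} TODO` body is the single word `write`, and both new admonitions use `:class: warning`, so they will render as visible warning boxes in the built book rather than as editor-only notes. Suggest either adding at least a one-paragraph summary under the heading now, or marking these draft admonitions so the build can strip them before publication. Minor: in the VISUAL note, `ch6 "how signatures are made" diagram (ch 6)` names the chapter twice; one reference is enough.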