mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-26 17:42:06 +01:00
ch5: diagram notes
This commit is contained in:
parent
a2c2beb73a
commit
5ce162b7f1
1 changed files with 17 additions and 0 deletions
|
@ -119,6 +119,23 @@ OpenPGP card devices do not store the full OpenPGP certificate. Instead, they ha
|
|||
|
||||
[^missing-ecdh]: In the case of ECDH keys, the KDF parameters (hash function ID and a symmetric encryption algorithm ID) are not stored on the OpenPGP card. This is considered a flaw in the OpenPGP card specification. These missing parameters can be handled in two ways, by OpenPGP software running on the host computer: Either by consulting a copy of the component key (e.g. by inspecting a copy of the certificate), or by deducing the missing KDF parameters from the OpenPGP fingerprint that is stored on the card.
|
||||
|
||||
## What a private key store does
|
||||
|
||||
```{admonition} TODO
|
||||
:class: warning
|
||||
|
||||
write
|
||||
```
|
||||
|
||||
```{admonition} VISUAL
|
||||
:class: warning
|
||||
|
||||
show examples for the operations in a private key store.
|
||||
|
||||
- re-use the visual elements of the lowest level in the ch6 "how signatures are made" diagram (ch 6): "making a cryptographic signature from a hash digest"
|
||||
- analogous: once we have a visual for the low level asymmetric decryption operation (in ch11), mirror it here
|
||||
```
|
||||
|
||||
## Advanced topics
|
||||
|
||||
### TSKs: Best practices S2K + S2K migration?
|
||||
|
|
Loading…
Reference in a new issue