From 0b078830f2b61e8fc1aa8eda919acae447056267 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 23 Oct 2023 12:40:15 +0200 Subject: [PATCH 1/2] Add section on KDFs --- book/source/03-cryptography.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 797d9f2..ef16781 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -16,6 +16,15 @@ Here are two important properties of cryptographic hash functions: - ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents. - ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value. +### Key Derivation Functions + +Hash functions can also be used to construct [key derivation functions](https://en.wikipedia.org/wiki/Key_derivation_function) (KDF). +Those can for instance be used to derive symmetric key material from a password by repeatedly feeding it through a hash function. + +A prominent example of a KDF which is relevant for the OpenPGP specification is the so-called [HKDF](https://en.wikipedia.org/wiki/HKDF) which is based on the [HMAC](https://en.wikipedia.org/wiki/HMAC) message authentication code. + +More information on KDFs and their use in the OpenPGP protocol can be found in chapters XXX (S2K) and YYY (SEIPDv2). + ## Symmetric-key cryptography [Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption, unlike asymmetric cryptography where a pair of keys is used: a public key for encryption and a corresponding private key for decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations. From e4164aab4d2b26c969320b8616ad5f2cb18f06b0 Mon Sep 17 00:00:00 2001 
From: Paul Schaub Date: Mon, 23 Oct 2023 13:04:42 +0200 Subject: [PATCH 2/2] Add section on HMAC --- book/source/03-cryptography.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index ef16781..bbba26d 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md 
@@ -16,14 +16,22 @@ Here are two important properties of cryptographic hash functions: - ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents. - ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value. +## Message Authentication Codes + +[Message Authentication Codes](https://en.wikipedia.org/wiki/Message_authentication_code) (MAC, also called authentication tags) are small pieces of information, which can be used to verify the integrity and authenticity of a message. +They are calculated over the original message using a (symmetric) secret key. +The recipient of a message containing a MAC, who is also in posession of the secret key can verify that the message has not been tampered with. + +[HMAC](https://en.wikipedia.org/wiki/HMAC) is a hash-based message authentication code, which is used in the OpenPGP protocol. + ### Key Derivation Functions Hash functions can also be used to construct [key derivation functions](https://en.wikipedia.org/wiki/Key_derivation_function) (KDF). Those can for instance be used to derive symmetric key material from a password by repeatedly feeding it through a hash function. -A prominent example of a KDF which is relevant for the OpenPGP specification is the so-called [HKDF](https://en.wikipedia.org/wiki/HKDF) which is based on the [HMAC](https://en.wikipedia.org/wiki/HMAC) message authentication code. +A prominent example of a KDF which is relevant for the OpenPGP specification is the so-called [HKDF](https://en.wikipedia.org/wiki/HKDF) which is a key derivation function based on the HMAC message authentication code. -More information on KDFs and their use in the OpenPGP protocol can be found in chapters XXX (S2K) and YYY (SEIPDv2). 
+More information on KDFs and their use in the OpenPGP protocol can be found in chapters [5](encrypted_secrets) and 10 (SEIPDv2). ## Symmetric-key cryptography
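Review bot: in [PATCH 1/2], the new "Key Derivation Functions" section moves straight from deriving key material "from a password by repeatedly feeding it through a hash function" to HKDF as the prominent example, which invites the reading that HKDF is a password-stretching function. HKDF extracts and expands input keying material that already has sufficient entropy and adds no work factor against guessing, so it is the wrong tool for passwords. Suggest separating the two uses: one sentence on password-based derivation that points at the S2K chapter, and one on HKDF that points at the SEIPDv2 chapter. The last added line also still carries the "chapters XXX (S2K) and YYY (SEIPDv2)" placeholders; resolve them in this commit or mark them as a TODO so the commit does not ship unresolved references on its own.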
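Review bot: in [PATCH 2/2], placing "## Message Authentication Codes" directly above the existing "### Key Derivation Functions" heading turns the KDF section into a subsection of MACs, although its opening sentence is about hash functions and password-based derivation. If the nesting is intended because HKDF builds on HMAC, state that in the KDF text; otherwise promote the KDF heading to "##" or move the MAC section below it. Smaller points in the same hunk: "posession" should be "possession"; the relative clause needs its closing comma ("..., who is also in possession of the secret key, can verify ..."); and the final line links chapter 5 but leaves "10 (SEIPDv2)" as a bare hard-coded number and drops the "(S2K)" label, so both references should use the same link form and keep their labels.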