From 773015bdf4a5e4c09f2252ba025afa6e619d4726 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 13 Oct 2023 15:48:49 +0200 Subject: [PATCH] clarify private vs secret in this document --- book/source/03-cryptography.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md index 5e2be0a..2728c9d 100644 --- a/book/source/03-cryptography.md +++ b/book/source/03-cryptography.md @@ -69,7 +69,6 @@ By addressing the malleability problem, AEAD also counters a variation of the EF [^efail]: A variation of the [EFAIL](https://en.wikipedia.org/wiki/EFAIL) attack can be prevented by both the MDC and AEAD mechanisms. Also see ["No, PGP is not broken, not even with the Efail vulnerabilities,"](https://proton.me/blog/pgp-vulnerability-efail) especially the section "Malleability Gadget Exfiltration Channel Attack." - ## Public-key (asymmetric) cryptography [Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) uses asymmetric pairs of related keys. Each pair consists of a public key and a private key. These systems support encryption, decryption, and digital signature operations. 
@@ -104,7 +103,9 @@ OpenPGP extensively uses public-key cryptography for encryption and digital sign ```{admonition} Terminology :class: note -OpenPGP documentation, including the foundational RFC, opts for the term "secret key" over the more commonly used "private key." As a result, you'll encounter the "public/secret key" pairing more frequently than "public/private key." But don't worry; "secret key" and "private key" serve the same purpose in cryptographic operations. This terminology reflects historical preferences in the OpenPGP community, not a difference in technology. +OpenPGP documentation, including the foundational RFC, opts for the term "secret key" over the more widely accepted "private key." As a result, in the RFC, you'll encounter the "public/secret key" pairing more frequently than "public/private key." This terminology reflects historical developments in the OpenPGP community, not a difference in technology. + +While "secret key" and "private key" serve the same purpose in cryptographic operations, this document will use the more common "public/private" terminology for clarity and consistency with broader cryptographic discussions. ``` ### Cryptographic digital signatures
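Review bot: In the first hunk (`@@ -69,7 +69,6 @@`), the single removed line just before the `## Public-key (asymmetric) cryptography` heading is a whitespace-only change that has nothing to do with the subject "clarify private vs secret in this document". Either drop it from this patch or mention it in the commit message, so that the history for the terminology change stays limited to the admonition.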
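Review bot: In the second hunk (`@@ -104,7 +103,9 @@`), the added sentence "this document will use the more common "public/private" terminology" makes a promise about the whole document, but the patch touches only this admonition (1 file changed, 3 insertions, 2 deletions). Please check the rest of the book sources for remaining uses of "secret key" and either convert them in the same change or narrow the sentence, and say how terms quoted directly from the RFC will be written. Two smaller wording points in the same hunk: "the foundational RFC" is not named, so a reader cannot look up the usage being described, and the reworded first sentence says "more widely accepted" while the added paragraph says "more common"; pick one description and use it in both places.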