Merge pull request 'tammi-ch3' (#62) from tammi-ch3 into draft

Reviewed-on: https://codeberg.org/openpgp/notes/pulls/62
This commit is contained in:
heiko 2023-10-22 08:00:51 +00:00
commit 81d44a4700
7 changed files with 597 additions and 41 deletions


@ -8,36 +8,42 @@
- Show example visualizations for operations? (encrypt/decrypt and signing/verification - only if we're going to reuse the visual primitives later) - Show example visualizations for operations? (encrypt/decrypt and signing/verification - only if we're going to reuse the visual primitives later)
``` ```
## (Cryptographic) hash functions ## Cryptographic hash functions
[(Cryptographic) hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) map binary data of arbitrary length to a fixed size "hash" (hashes are also sometimes called "digests"). [Cryptographic hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) take data strings of any length (like a text message or file) and output a fixed-size code, often called a "hash" or "digest." This hash acts like a unique identifier for the original data.
Hash functions are used in cryptography to produce shorthand "placeholders" for data. Two properties of cryptographic hash functions are particularly important: Here are two important properties of cryptographic hash functions:
- ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be hard to find a message that maps to that hash value. - ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents.
- ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be hard to find two messages that map to the same hash value. - ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value.
## Symmetric-key cryptography ## Symmetric-key cryptography
[Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations. [Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption, unlike asymmetric cryptography where a pair of keys is used: a public key for encryption and a corresponding private key for decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations.
Participants in symmetric-key operations need to exchange the shared secret over a secure channel. Participants in symmetric-key operations need to exchange the shared secret over a secure channel.
```{admonition} VISUAL ```{figure} diag/symmetric_key.png
:class: warning ---
---
- visualization? (maybe a black key icon, following wikipedia's example?) A symmetric cryptographic key (which acts as a shared secret)
``` ```
### Benefits and downsides ### Benefits and downsides
Symmetric-key cryptography has major benefits: it is much faster than public-key cryptography (see below). Also, most current symmetric cryptographic algorithms are considered quantum-resistant[^postquantum]. Symmetric-key cryptography has major benefits: It is much faster than public-key cryptography (see below). Also, most current symmetric cryptographic algorithms are considered quantum-resistant[^postquantum].
```{admonition}
:class: warning
I am not convinced that this information is helpful but, if it remains, perhaps we need this additional statement: "That is, symmetric-key cryptographic mechanisms are currently considered to be resilient against known computer threats, providing a measure of assurance in the evolving landscape of cryptography and quantum computing."
[^postquantum]: Daniel J. Bernstein (2009). ["Introduction to post-quantum cryptography" (PDF)](http://www.pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf) states that: "many important classes of cryptographic systems", including secret-key cryptographic mechanisms like AES "[..] are believed to resist classical computers and quantum computers." (pages 1, 2). [^postquantum]: Daniel J. Bernstein (2009). ["Introduction to post-quantum cryptography" (PDF)](http://www.pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf) states that: "many important classes of cryptographic systems", including secret-key cryptographic mechanisms like AES "[..] are believed to resist classical computers and quantum computers." (pages 1, 2).
```
However, exchanging the required shared secret is a problem that needs to be solved separately. However, exchanging the required shared secret is a problem that needs to be solved separately.
[Hybrid cryptosystems](hybrid_cryptosystems) (see below) are one common approach to leverage the benefits of symmetric-key cryptography, while handling the shared secret with a separate mechanism (using public-key cryptography). [Hybrid cryptosystems](hybrid_cryptosystems) combine the advantages of symmetric-key cryptography with a separate mechanism for managing the shared secret, using public-key cryptography.
### Symmetric-key cryptography in OpenPGP ### Symmetric-key cryptography in OpenPGP
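Review bot: In the rewritten hash-function paragraph and the pre-image bullet, the new wording changes the meaning rather than just simplifying it. "This hash acts like a unique identifier for the original data" suggests hashes are unique, but a fixed-size output over inputs of any length necessarily has collisions; the collision-resistance bullet directly below only says they are hard to find. Likewise, "determine the original data it represents" narrows pre-image resistance to recovering the original input, where the old wording ("find a message that maps to that hash value") covered any matching input. Suggest keeping the old pre-image wording and dropping or softening the "unique identifier" sentence. Separately, the new `{admonition}` block around the quantum-resistance remark has no title and now encloses the `[^postquantum]` footnote definition that the body text cites; an editorial comment and a cited footnote should not share one warning block, so move the footnote definition back outside it.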
@ -45,85 +51,91 @@ Symmetric-key cryptography is used in OpenPGP in three contexts:
- most prominently, as part of a hybrid cryptosystem to encrypt and decrypt data, - most prominently, as part of a hybrid cryptosystem to encrypt and decrypt data,
- to encrypt [password-protected private key material](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-secret-key-encryption), and - to encrypt [password-protected private key material](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-secret-key-encryption), and
- for [password-protected data encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-symmetric-key-encrypted-ses) (a less commonly used feature of the standard). - for [password-protected data encryption](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-symmetric-key-encrypted-ses), a less commonly used feature of the standard.
Where symmetric keys are used in OpenPGP for data encryption, they are called either "message keys" or "session keys[^sessionkey]." Where symmetric keys are used in OpenPGP for data encryption, they are called either "message keys" or "session keys[^sessionkey]."
[^sessionkey]: In OpenPGP version 6, when using the ["Version 2 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-2-symmetrically-enc), a "message key" is derived from a "session key". Previously (up to OpenPGP version 4, and in version 6 when using ["Version 1 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-1-symmetrically-enc)), the "session key" was used directly as a symmetric encryption key. [^sessionkey]: In OpenPGP version 6, the ["Version 2 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-2-symmetrically-enc) requires that a "message key" is derived from a "session key." In contrast, up to OpenPGP version 4, and in version 6 when using ["Version 1 Symmetrically Encrypted Integrity Protected Data Packet Format"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-version-1-symmetrically-enc), the "session key" was used directly as a symmetric encryption key.
### Authenticated encryption with associated data (AEAD) ### Authenticated encryption with associated data (AEAD)
[Authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption) is a class of cryptographic schemes that gives additional guarantees besides confidentiality. [Authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption) offers more than just confidentiality; it ensures data integrity too.
In OpenPGP version 6, AEAD was introduced as a successor to the MDC[^MDC] mechanism. AEAD is a common mechanism to solve the problem of "malleability": In past versions of the OpenPGP protocol, some malicious changes to ciphertext were undetectable. AEAD protects against undetected changes of ciphertext. In OpenPGP version 6, AEAD replaced the MDC[^MDC] mechanism to address malleability. In earlier OpenPGP versions, malicious alterations to ciphertext might go unnoticed. AEAD guards against such undetected changes.
[^MDC]: In OpenPGP version 4, a mechanism called MDC (Modification Detection Code) was introduced to serve a comparable purpose as AEAD. While MDC is a non-standard mechanism, as of this writing, there are no known attacks against the scheme. [^MDC]: OpenPGP version 4 introduced a mechanism called MDC (Modification Detection Code), which fulfills a comparable purpose as AEAD in safeguarding message integrity. MDC is a non-standard mechanism, but no known attacks have compromised this scheme as of this document's last update.
Protecting against malleability counters a variation of the EFAIL[^efail] attack. By addressing the malleability problem, AEAD also counters a variation of the EFAIL[^efail] attack.
[^efail]: A variation of the [EFAIL](https://en.wikipedia.org/wiki/EFAIL) attack can be prevented by both the MDC and AEAD mechanisms. Also see ["No, PGP is not broken, not even with the Efail vulnerabilities"](https://proton.me/blog/pgp-vulnerability-efail), especially the section "Malleability Gadget Exfiltration Channel Attack". [^efail]: A variation of the [EFAIL](https://en.wikipedia.org/wiki/EFAIL) attack can be prevented by both the MDC and AEAD mechanisms. Also see ["No, PGP is not broken, not even with the Efail vulnerabilities,"](https://proton.me/blog/pgp-vulnerability-efail) especially the section "Malleability Gadget Exfiltration Channel Attack."
## Public-key (asymmetric) cryptography
## Public-key, or asymmetric cryptography [Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) uses asymmetric pairs of related keys. Each pair consists of a public key and a private key. These systems support encryption, decryption, and digital signature operations.
[Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) systems use asymmetric pairs of related keys. Public-key cryptographic systems support *encryption/decryption* as well as *digital signature* operations. Unlike symmetric cryptography, participants are not required to pre-arrange a shared secret. In public-key cryptography, the public key material is shared openly for certain cryptographic operations, such as encryption and signature creation, while the private key, kept confidential, is used for operations like decryption and signature verification.
Unlike symmetric cryptography, public-key cryptography doesn't require participants to pre-arrange a shared secret. Instead, with public-key cryptography, the public parts of the key material can be shared openly and then used for cryptographic operations.
(asymmetric_key_pair)= (asymmetric_key_pair)=
### Asymmetric cryptographic key pairs ### Asymmetric cryptographic key pairs
In many places, we'll deal with asymmetric cryptographic key pairs: Throughout this document, we will frequently reference asymmetric cryptographic key pairs:
```{figure} diag/cryptographic_keypair.png ```{figure} diag/asymmetric_keypair.png
--- ---
--- ---
An asymmetric cryptographic key pair An asymmetric cryptographic key pair
``` ```
An asymmetric cryptographic key pair consists of a public and a private part. In this document, we'll show the public part of a key pair in green, and the private part in red. Each key pair comprises two parts: the public key and the private key. For ease of identification, we will depict the public key in green and the private key in red throughout this document.
Note that in many contexts, only the public part is present (more on that later): It's important to note that in many scenarios, only the public key is exposed or used (we will expand on these situations in subsequent sections):
```{figure} diag/keypair_pub.png ```{figure} diag/public_key.png
--- ---
--- ---
Only the public part of an asymmetric key pair The public parts of an asymmetric key pair
``` ```
### Public-key cryptography in OpenPGP ### Usage and terminology in OpenPGP
OpenPGP makes heavy use of public-key cryptography, both for encryption and signing operations. OpenPGP extensively uses public-key cryptography for encryption and digital signing operations.
```{admonition} Terminology ```{admonition} Terminology
:class: note :class: note
For historical reasons, the OpenPGP RFC and other documentation often use the non-standard term "secret key" instead of the more common "private key." OpenPGP documentation, including the foundational RFC, opts for the term "secret key" over the more widely accepted "private key." As a result, in the RFC, you'll encounter the "public/secret key" pairing more frequently than "public/private key." This terminology reflects historical developments in the OpenPGP community, not a difference in technology.
So in OpenPGP, the pair of terms "public/secret key" is sometimes used instead of the more common "public/private key." While "secret key" (as used in the OpenPGP RFC) and "private key" serve the same purpose in cryptographic operations, this document will use the more common "public/private" terminology for clarity and consistency with broader cryptographic discussions.
``` ```
### Cryptographic digital signatures ### Cryptographic digital signatures
[Digital signatures](https://en.wikipedia.org/wiki/Digital_signature) are a mechanism that is based on asymmetric cryptography. With this mechanism, one actor can make a signature over a digital message, and another actor can check the validity of that signature. [Digital signatures](https://en.wikipedia.org/wiki/Digital_signature) are a fundamental mechanism of asymmetric cryptography, providing secure, mathematical means to validate the authenticity, integrity, and origin of digital messages and documents.
The signer uses digital signatures to make statements about the message. Third parties can then inspect these statements. In OpenPGP, digital signatures have diverse applications, extending beyond mere validation of a message's origin. They can signify various intents, including certification, consent, acknowledgment, or even revocation by the signer. The multifaceted nature of "statements" conveyed through digital signatures in cryptographic protocols is wide-ranging but crucial, allowing third parties to inspect/evaluate these statements for authenticity and intended purpose.
```{admonition} VISUAL ```{admonition} VISUAL
:class: warning :class: warning
- add visualization showing: message + private key + sign = signature -> message + signature + public key + verify = ok? - add visualization showing: message + private key (signing) = signature -> message + signature + public key (verification) = validation confirmed?
``` ```
In OpenPGP, digital signatures are used in two different contexts: Digital signatures in OpenPGP are used in two primary contexts:
- [Certification statements](certifications_chapter) - [Certification statements](certifications_chapter)
- [Signatures over data](signing_data) - [Data signatures](signing_data)
(hybrid_cryptosystems)= (hybrid_cryptosystems)=
## Hybrid cryptosystems ## Hybrid cryptosystems
[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine two cryptosystems and make use of their respective advantages: OpenPGP uses a hybrid cryptosystem. [Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine the use of symmetric and asymmetric (public-key) cryptography to capitalize on the strengths of each, namely symmetric cryptography's speed and efficiency and public-key cryptography's mechanism for secure key exchange.
- A public-key cryptosystem is used to safely handle shared secrets over insecure channels (in OpenPGP: so-called "session keys") ```{admonition}
- A symmetric-key cryptosystem is used to efficiently encrypt and decrypt long messages (using an OpenPGP "session key" as the shared secret) :class: warning
Move this to the chapter that details it:
Within OpenPGP's hybrid system, so-called "session keys" are central. They are generated uniquely for each session and are instrumental in both encrypting and decrypting the actual message content, using the efficiency of symmetric-key cryptography.
Using asymmetric (public-key) cryptography, the session keys are also encrypted. This ensures that only the intended recipient, the holder of the corresponding private key, can decrypt and gain access to the session key. With the decrypted session key, they can then use the session key to decrypt the actual message.
```
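Review bot: The new second paragraph under "Public-key (asymmetric) cryptography" assigns the signature operations to the wrong keys: it lists "signature creation" among the public-key operations and "signature verification" among the private-key ones. Signing uses the private key and verification uses the public key, which is also what the VISUAL note later in this hunk describes ("message + private key (signing) = signature -> message + signature + public key (verification)"). Suggest: public key for encryption and signature verification, private key for decryption and signature creation. Also, "AEAD replaced the MDC" is stronger than the old "introduced as a successor to"; the `[^sessionkey]` footnote in this same hunk still describes version 6 using the Version 1 SEIPD format, so "replaced" may overstate the change.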

Binary file not shown.


File diff suppressed because one or more lines are too long


Binary file not shown.



@ -0,0 +1,129 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
viewBox="0 0 661.34149 269.23938"
version="1.1"
id="svg1"
width="661.34149"
height="269.23938"
xml:space="preserve"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"><defs
id="defs1"><linearGradient
id="swatch251"><stop
style="stop-color:#195962;stop-opacity:1;"
offset="0"
id="stop251" /></linearGradient><filter
style="color-interpolation-filters:sRGB"
id="filter90-2-0"
x="-0.019165827"
y="-0.028762207"
width="1.0414438"
height="1.0655139"><feFlood
result="flood"
in="SourceGraphic"
flood-opacity="0.796078"
flood-color="rgb(62,67,73)"
id="feFlood89-3-6" /><feGaussianBlur
result="blur"
in="SourceGraphic"
stdDeviation="2.132 0"
id="feGaussianBlur89-7-8" /><feOffset
result="offset"
in="blur"
dx="1.000000"
dy="1.000000"
id="feOffset89-5-9" /><feComposite
result="comp1"
operator="in"
in="flood"
in2="offset"
id="feComposite89-9-2" /><feComposite
result="fbSourceGraphic"
operator="over"
in="SourceGraphic"
in2="comp1"
id="feComposite90-2-6" /><feColorMatrix
result="fbSourceGraphicAlpha"
in="fbSourceGraphic"
values="0 0 0 -1 0 0 0 0 -1 0 0 0 0 -1 0 0 0 0 1 0"
id="feColorMatrix90-2-6" /><feFlood
id="feFlood90-8-4"
result="flood"
in="fbSourceGraphic"
flood-opacity="0.796078"
flood-color="rgb(62,67,73)" /><feGaussianBlur
id="feGaussianBlur90-9-9"
result="blur"
in="fbSourceGraphic"
stdDeviation="3.000000" /><feOffset
id="feOffset90-7-5"
result="offset"
in="blur"
dx="1.000000"
dy="1.000000" /><feComposite
id="feComposite91-3-0"
result="comp1"
operator="in"
in="flood"
in2="offset" /><feComposite
id="feComposite92-6-4"
result="comp2"
operator="over"
in="fbSourceGraphic"
in2="comp1" /></filter></defs><!--! Font Awesome Pro 6.4.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license (Commercial License) Copyright 2023 Fonticons, Inc. --><g
id="layer10"
transform="translate(1251.7023,-966.50111)"><g
id="layer6-2"
style="display:inline;fill:#61a78d;fill-opacity:1"
transform="translate(-0.95068361,669.62611)"><path
style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1.31168;stroke-linecap:butt;stroke-linejoin:miter;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:fill markers stroke;filter:url(#filter90-2-0)"
id="rect65-7"
width="642.6438"
height="250.32849"
x="825.70776"
y="875.02576"
transform="matrix(0.7953885,0,0,0.84925697,-1832.6321,-407.60505)"
d="m 855.24156,875.02576 h 583.57624 c 16.3617,0 29.5338,12.33657 29.5338,27.66046 v 195.00758 c 0,15.3239 -13.1721,27.6604 -29.5338,27.6604 H 855.24156 c -16.36172,0 -29.5338,-12.3365 -29.5338,-27.6604 V 902.68622 c 0,-15.32389 13.17208,-27.66046 29.5338,-27.66046 z"
ry="27.660467"
rx="29.5338" /><g
id="g11-8-2"
transform="matrix(0.86376245,0,0,0.86376245,-1913.5458,171.61913)"><rect
style="font-variation-settings:'wght' 700;fill:#195962;stroke-width:2.53446;stroke-linecap:round;stroke-linejoin:round;paint-order:markers fill stroke"
id="rect1-9-2"
width="272.103"
height="73.842331"
x="914.89185"
y="156.37508" /><g
id="g4-7-6"
transform="translate(-11.145477,39.927363)"><rect
style="font-variation-settings:'wght' 700;fill:#e6e6e6;fill-opacity:1;stroke-width:2.49322;stroke-linecap:round;stroke-linejoin:round;paint-order:markers fill stroke"
id="rect1-3-7-1"
width="272.53439"
height="71.346413"
x="917.30688"
y="126.45267" /><text
xml:space="preserve"
style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:20.8391px;font-family:Montserrat;-inkscape-font-specification:'Montserrat, Semi-Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;white-space:pre;inline-size:235.782;display:inline;fill:#3e4349;fill-opacity:1;stroke-width:3.5;stroke-linecap:round;stroke-linejoin:round;paint-order:markers fill stroke"
x="964.56708"
y="158.44606"
id="text1-6-0"
transform="translate(-15.170772,-2.4355768)"><tspan
x="964.56708"
y="158.44606"
id="tspan1">Public part of an </tspan><tspan
x="964.56708"
y="184.49494"
id="tspan2">asymmetric keypair</tspan></text></g></g><path
id="path2-1-4-5-4"
style="display:inline;fill:none;fill-opacity:1;stroke:#006961;stroke-width:10.4431;stroke-linecap:round;stroke-dasharray:none;stroke-opacity:1"
d="m 156.30312,759.25868 c -9.78054,19.91382 -30.12868,33.02384 -53.81237,33.02384 -33.173715,0 -60.066326,-26.89261 -60.066326,-60.06633 0,-33.17372 26.892611,-60.06633 60.066326,-60.06633 23.31181,0 43.58824,15.15712 53.54415,34.5646 m -9.14624,1.20213 h 4.97796 c 10.89491,0.20296 25.86265,0 38.79397,0 l 11.43353,7.63836 14.59897,-7.63836 14.59896,7.3422 h 10.87817 l 11.54761,-7.3422 17.66083,7.3422 16.34856,-7.34219 22,25.45886 -22,25.45887 h -135.8606 -4.97796 M 89.058073,732.21619 c -4e-6,6.98969 -5.666271,12.65596 -12.655965,12.65596 -6.989695,0 -12.655963,-5.66627 -12.655967,-12.65596 -2e-6,-6.9897 5.666268,-12.65597 12.655967,-12.65597 6.989698,0 12.655967,5.66627 12.655965,12.65597 z"
transform="matrix(0.5520304,0,0,-0.5520304,-961.5735,865.9823)" /><text
xml:space="preserve"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:21.3333px;font-family:Sans;-inkscape-font-specification:'Sans, @wght=500';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;font-variation-settings:'wght' 500;text-align:start;text-anchor:start;display:inline;fill:#3e4349;fill-opacity:1;stroke:none;stroke-width:3.5;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;paint-order:markers fill stroke"
x="-1082.8253"
y="467.71802"
id="text11-2-1-8-9"><tspan
id="tspan11-9-03-1-0"
x="-1082.8253"
y="467.71802"
style="font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;font-size:21.3333px;font-family:Montserrat;-inkscape-font-specification:'Montserrat Medium';text-align:start;text-anchor:start">Public Key</tspan></text></g></g></svg>
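Review bot: The comment embedded just before `<g id="layer10"` reads "Font Awesome Pro 6.4.2 ... (Commercial License) Copyright 2023 Fonticons, Inc.", so this diagram appears to carry artwork under a commercial license. Please confirm that license permits redistribution in this repository, or redraw the key with a freely licensed icon and drop the comment. Also, the labels set `font-family:Montserrat` with no generic fallback on the header text, so they will render differently wherever that font is not installed; consider adding a fallback family or converting the text to paths.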


Binary file not shown.



@ -0,0 +1,194 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
viewBox="0 0 663.29212 239.27057"
version="1.1"
id="svg1"
sodipodi:docname="diag_library_draft.svg"
inkscape:version="1.3 (0e150ed6c4, 2023-07-21)"
width="663.29211"
height="239.27057"
xml:space="preserve"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"><defs
id="defs1"><inkscape:path-effect
effect="fillet_chamfer"
id="path-effect68"
is_visible="true"
lpeversion="1"
nodesatellites_param="F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1"
radius="0"
unit="px"
method="auto"
mode="F"
chamfer_steps="1"
flexible="false"
use_knot_distance="true"
apply_no_radius="true"
apply_with_radius="true"
only_selected="false"
hide_knots="false" /><linearGradient
id="swatch251"
inkscape:swatch="solid"><stop
style="stop-color:#195962;stop-opacity:1;"
offset="0"
id="stop251" /></linearGradient><filter
style="color-interpolation-filters:sRGB"
inkscape:label="Drop Shadow"
id="filter90-2"
x="-0.020186609"
y="-0.031382771"
width="1.0434854"
height="1.070755"><feFlood
result="flood"
in="SourceGraphic"
flood-opacity="0.796078"
flood-color="rgb(62,67,73)"
id="feFlood89-3" /><feGaussianBlur
result="blur"
in="SourceGraphic"
stdDeviation="2.132 0"
id="feGaussianBlur89-7" /><feOffset
result="offset"
in="blur"
dx="1.000000"
dy="1.000000"
id="feOffset89-5" /><feComposite
result="comp1"
operator="in"
in="flood"
in2="offset"
id="feComposite89-9" /><feComposite
result="fbSourceGraphic"
operator="over"
in="SourceGraphic"
in2="comp1"
id="feComposite90-2" /><feColorMatrix
result="fbSourceGraphicAlpha"
in="fbSourceGraphic"
values="0 0 0 -1 0 0 0 0 -1 0 0 0 0 -1 0 0 0 0 1 0"
id="feColorMatrix90-2" /><feFlood
id="feFlood90-8"
result="flood"
in="fbSourceGraphic"
flood-opacity="0.796078"
flood-color="rgb(62,67,73)" /><feGaussianBlur
id="feGaussianBlur90-9"
result="blur"
in="fbSourceGraphic"
stdDeviation="3.000000" /><feOffset
id="feOffset90-7"
result="offset"
in="blur"
dx="1.000000"
dy="1.000000" /><feComposite
id="feComposite91-3"
result="comp1"
operator="in"
in="flood"
in2="offset" /><feComposite
id="feComposite92-6"
result="comp2"
operator="over"
in="fbSourceGraphic"
in2="comp1" /></filter><inkscape:path-effect
effect="fillet_chamfer"
id="path-effect62-0"
is_visible="true"
lpeversion="1"
nodesatellites_param="F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 | F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 | F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 | F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 | F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 | F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 | F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 | F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 | F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 | F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 | F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1 @ F,0,0,1,0,0,0,1"
radius="0"
unit="px"
method="auto"
mode="F"
chamfer_steps="1"
flexible="false"
use_knot_distance="true"
apply_no_radius="true"
apply_with_radius="true"
only_selected="false"
hide_knots="false" /></defs><sodipodi:namedview
id="namedview1"
pagecolor="#ffffff"
bordercolor="#000000"
borderopacity="0.25"
inkscape:showpageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
inkscape:deskcolor="#d1d1d1"
inkscape:lockguides="false"
inkscape:zoom="0.77037638"
inkscape:cx="2217.0981"
inkscape:cy="1738.7605"
inkscape:window-width="2560"
inkscape:window-height="1371"
inkscape:window-x="0"
inkscape:window-y="305"
inkscape:window-maximized="1"
inkscape:current-layer="g67-9"
showgrid="false"
inkscape:export-bgcolor="#ffffff00"
showguides="false"><inkscape:page
x="1.0141021e-05"
y="3.738563e-06"
width="663.29211"
height="239.27057"
id="page54"
margin="0"
bleed="0" /></sodipodi:namedview><!--! Font Awesome Pro 6.4.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license (Commercial License) Copyright 2023 Fonticons, Inc. --><g
inkscape:groupmode="layer"
id="layer10"
inkscape:label="Chapter 3"
transform="translate(1253.9165,-685.76021)"><g
inkscape:groupmode="layer"
id="g59"
inkscape:label="Symmetric key"
style="display:inline;fill:#61a78d;fill-opacity:1"
transform="translate(34.036671)"><path
style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1.31168;stroke-linecap:butt;stroke-linejoin:miter;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:fill markers stroke;filter:url(#filter90-2)"
id="path54"
width="642.6438"
height="250.32849"
x="825.70776"
y="875.02576"
transform="matrix(0.69387591,0,0,0.76084931,-1753.5098,53.986183)"
inkscape:path-effect="#path-effect68"
sodipodi:type="rect"
d="m 859.5623,875.02576 h 574.9347 c 18.7554,0 33.8546,13.77003 33.8546,30.8745 v 188.57944 c 0,17.1045 -15.0992,30.8745 -33.8546,30.8745 H 859.5623 c -18.75541,0 -33.85454,-13.77 -33.85454,-30.8745 V 905.90026 c 0,-17.10447 15.09913,-30.8745 33.85454,-30.8745 z"
ry="30.874504"
rx="33.854534" /><g
id="g56"
transform="matrix(0.86376245,0,0,0.86376245,-1925.8086,560.71661)"
inkscape:label="Diagramm Header"><rect
style="font-variation-settings:'wght' 700;fill:#195962;stroke-width:2.05191;stroke-linecap:round;stroke-linejoin:round;paint-order:markers fill stroke"
id="rect54"
width="263.40088"
height="50"
x="913.1311"
y="156.37508" /><g
id="g55"
transform="translate(-11.145477,39.927363)"><rect
style="font-variation-settings:'wght' 700;fill:#e6e6e6;fill-opacity:1;stroke-width:2.05381;stroke-linecap:round;stroke-linejoin:round;paint-order:markers fill stroke"
id="rect55"
width="263.88953"
height="50"
x="917.30688"
y="126.45267" /><text
xml:space="preserve"
style="font-style:normal;font-variant:normal;font-weight:600;font-stretch:normal;font-size:24px;font-family:Montserrat;-inkscape-font-specification:'Montserrat, Semi-Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-east-asian:normal;fill:#3e4349;fill-opacity:1;stroke-width:3.5;stroke-linecap:round;stroke-linejoin:round;paint-order:markers fill stroke"
x="957.30615"
y="160.47955"
id="text55"><tspan
sodipodi:role="line"
id="tspan55"
x="957.30615"
y="160.47955">Symmetric key</tspan></text></g></g><path
id="path1-6"
style="color:#000000;fill:#baa600;fill-opacity:1;stroke:#baa600;stroke-width:1.579;stroke-linecap:round;stroke-dasharray:none;stroke-opacity:1"
d="m 51.039502,477.193 c -7.204445,0 -13.087357,5.88404 -13.087358,13.08848 v 52.2623 c 1e-6,7.20445 5.882913,13.08736 13.087358,13.08736 h 35.760795 c 7.204443,0 13.087357,-5.88291 13.087357,-13.08736 v -10.4133 h 89.613036 c 2.70413,0 4.93846,-2.23546 4.93846,-4.93959 V 505.8856 c 0,-2.70412 -2.23433,-4.93958 -4.93846,-4.93959 h -23.09553 c -22.1765,0 -44.34846,0.0361 -66.517506,0 v -10.66453 c 0,-7.20444 -5.882914,-13.08848 -13.087357,-13.08848 z m 0,4.00033 h 35.760795 c 5.042684,0 9.087026,4.04547 9.087026,9.08815 v 10.66453 c -0.05354,-1.1e-4 -0.107136,1.2e-4 -0.16069,0 h -0.0023 -2.886799 c -1.10426,2.2e-4 -1.999382,0.89535 -1.999598,1.99961 -3.97e-4,1.10469 0.894904,2.0005 1.999598,2.00072 h 2.88454 c 0.722102,0.002 1.443852,-0.001 2.165948,0 22.842678,0.0422 45.682308,0 68.517098,0 h 23.09554 c 0.54237,0 0.93813,0.39689 0.93813,0.93926 v 21.30529 c 0,0.54237 -0.39576,0.93926 -0.93813,0.93926 h -93.778586 -2.88454 c -1.104256,2.2e-4 -1.999377,0.89534 -1.999598,1.9996 -4.03e-4,1.1047 0.8949,2.00051 1.999598,2.00073 h 2.88454 0.165215 v 10.4133 c 0,5.04269 -4.044342,9.08703 -9.087026,9.08703 H 51.039502 c -5.042687,0 -9.088159,-4.04434 -9.08816,-9.08703 v -52.2623 c 1e-6,-5.04268 4.045473,-9.08815 9.08816,-9.08815 z m 9.201725,22.3894 -3.793241,0.0588 c -3.771998,0.0585 -6.839601,3.17466 -6.839601,6.9471 v 11.85728 c 0,3.76993 3.132356,6.85389 6.901841,6.79546 l 3.793241,-0.0588 c 3.771999,-0.0585 6.839601,-3.17352 6.839601,-6.94598 v -11.8584 c 0,-3.76994 -3.132353,-6.85389 -6.901841,-6.79546 z m 0.06224,3.99919 c 1.586041,-0.0246 2.839271,1.21004 2.839271,2.79627 v 11.8584 c 0,1.63266 -1.269056,2.92143 -2.901511,2.94678 l -3.793241,0.0589 c -1.58604,0.0246 -2.839272,-1.21005 -2.839272,-2.79627 v -11.85728 c 0,-1.63264 1.269058,-2.92255 2.901512,-2.9479 z m 53.819583,12.338 c -0.9398,-6.5e-4 -1.70182,0.76137 -1.70117,1.70117 4.3e-4,0.93904 0.76213,1.69987 1.70117,1.69922 h 66.95703 l 0.0117,0.0117 0.30664,-0.0117 0.0605,-0.002 c 2.20129,-0.10155 
2.14301,-3.3753 -0.0605,-3.39844 z m -5.8e-4,1.70046 h 67.27526 l -0.36681,0.0131 m 2.05881,-11.88009 c 0,1.08537 -0.87987,1.96525 -1.96524,1.96525 -1.08537,0 -1.96524,-0.87988 -1.96524,-1.96525 -10e-6,-1.08538 0.87986,-1.96526 1.96524,-1.96526 1.08538,0 1.96525,0.87988 1.96524,1.96526 z m -6.73286,-0.20402 c 1e-5,1.08538 -0.87986,1.96526 -1.96524,1.96526 -1.08538,0 -1.96526,-0.87988 -1.96525,-1.96526 0,-1.08538 0.87987,-1.96525 1.96525,-1.96525 1.08537,0 1.96524,0.87988 1.96524,1.96525 z m -12.37048,0.31604 c 0,1.08537 -0.87987,1.96525 -1.96524,1.96525 -1.08538,0 -1.96525,-0.87987 -1.96525,-1.96525 0,-1.08537 0.87988,-1.96524 1.96525,-1.96524 1.08537,0 1.96524,0.87987 1.96524,1.96524 z m -10.66851,-0.11201 c 0,1.08538 -0.87988,1.96526 -1.96526,1.96525 -1.08538,0 -1.96525,-0.87987 -1.96525,-1.96525 -1e-5,-1.08538 0.87987,-1.96526 1.96525,-1.96526 1.08539,-10e-6 1.96527,0.87987 1.96526,1.96526 z m -7.27785,0.0873 c 0,1.08538 -0.87987,1.96525 -1.96525,1.96525 -1.08538,0 -1.96525,-0.87987 -1.96525,-1.96525 0,-1.08538 0.87987,-1.96525 1.96525,-1.96525 1.08538,0 1.96525,0.87987 1.96525,1.96525 z"
inkscape:label="Secretkey (Sym)"
transform="translate(-1066.1958,313.56779)"
inkscape:path-effect="#path-effect62-0"
inkscape:original-d="m 51.039502,477.193 c -7.204445,0 -13.087357,5.88404 -13.087358,13.08848 v 52.2623 c 1e-6,7.20445 5.882913,13.08736 13.087358,13.08736 h 35.760795 c 7.204443,0 13.087357,-5.88291 13.087357,-13.08736 v -10.4133 h 89.613036 c 2.70413,0 4.93846,-2.23546 4.93846,-4.93959 V 505.8856 c 0,-2.70412 -2.23433,-4.93958 -4.93846,-4.93959 h -23.09553 c -22.1765,0 -44.34846,0.0361 -66.517506,0 v -10.66453 c 0,-7.20444 -5.882914,-13.08848 -13.087357,-13.08848 z m 0,4.00033 h 35.760795 c 5.042684,0 9.087026,4.04547 9.087026,9.08815 v 10.66453 c -0.05354,-1.1e-4 -0.107136,1.2e-4 -0.16069,0 h -0.0023 -2.886799 c -1.10426,2.2e-4 -1.999382,0.89535 -1.999598,1.99961 -3.97e-4,1.10469 0.894904,2.0005 1.999598,2.00072 h 2.88454 c 0.722102,0.002 1.443852,-0.001 2.165948,0 22.842678,0.0422 45.682308,0 68.517098,0 h 23.09554 c 0.54237,0 0.93813,0.39689 0.93813,0.93926 v 21.30529 c 0,0.54237 -0.39576,0.93926 -0.93813,0.93926 h -93.778586 -2.88454 c -1.104256,2.2e-4 -1.999377,0.89534 -1.999598,1.9996 -4.03e-4,1.1047 0.8949,2.00051 1.999598,2.00073 h 2.88454 0.165215 v 10.4133 c 0,5.04269 -4.044342,9.08703 -9.087026,9.08703 H 51.039502 c -5.042687,0 -9.088159,-4.04434 -9.08816,-9.08703 v -52.2623 c 1e-6,-5.04268 4.045473,-9.08815 9.08816,-9.08815 z m 9.201725,22.3894 -3.793241,0.0588 c -3.771998,0.0585 -6.839601,3.17466 -6.839601,6.9471 v 11.85728 c 0,3.76993 3.132356,6.85389 6.901841,6.79546 l 3.793241,-0.0588 c 3.771999,-0.0585 6.839601,-3.17352 6.839601,-6.94598 v -11.8584 c 0,-3.76994 -3.132353,-6.85389 -6.901841,-6.79546 z m 0.06224,3.99919 c 1.586041,-0.0246 2.839271,1.21004 2.839271,2.79627 v 11.8584 c 0,1.63266 -1.269056,2.92143 -2.901511,2.94678 l -3.793241,0.0589 c -1.58604,0.0246 -2.839272,-1.21005 -2.839272,-2.79627 v -11.85728 c 0,-1.63264 1.269058,-2.92255 2.901512,-2.9479 z m 53.819583,12.338 c -0.9398,-6.5e-4 -1.70182,0.76137 -1.70117,1.70117 4.3e-4,0.93904 0.76213,1.69987 1.70117,1.69922 h 66.95703 l 0.0117,0.0117 0.30664,-0.0117 0.0605,-0.002 c 
2.20129,-0.10155 2.14301,-3.3753 -0.0605,-3.39844 z m -5.8e-4,1.70046 h 67.27526 l -0.36681,0.0131 m 2.05881,-11.88009 c 0,1.08537 -0.87987,1.96525 -1.96524,1.96525 -1.08537,0 -1.96524,-0.87988 -1.96524,-1.96525 -10e-6,-1.08538 0.87986,-1.96526 1.96524,-1.96526 1.08538,0 1.96525,0.87988 1.96524,1.96526 z m -6.73286,-0.20402 c 1e-5,1.08538 -0.87986,1.96526 -1.96524,1.96526 -1.08538,0 -1.96526,-0.87988 -1.96525,-1.96526 0,-1.08538 0.87987,-1.96525 1.96525,-1.96525 1.08537,0 1.96524,0.87988 1.96524,1.96525 z m -12.37048,0.31604 c 0,1.08537 -0.87987,1.96525 -1.96524,1.96525 -1.08538,0 -1.96525,-0.87987 -1.96525,-1.96525 0,-1.08537 0.87988,-1.96524 1.96525,-1.96524 1.08537,0 1.96524,0.87987 1.96524,1.96524 z m -10.66851,-0.11201 c 0,1.08538 -0.87988,1.96526 -1.96526,1.96525 -1.08538,0 -1.96525,-0.87987 -1.96525,-1.96525 -1e-5,-1.08538 0.87987,-1.96526 1.96525,-1.96526 1.08539,-10e-6 1.96527,0.87987 1.96526,1.96526 z m -7.27785,0.0873 c 0,1.08538 -0.87987,1.96525 -1.96525,1.96525 -1.08538,0 -1.96525,-0.87987 -1.96525,-1.96525 0,-1.08538 0.87987,-1.96525 1.96525,-1.96525 1.08538,0 1.96525,0.87987 1.96525,1.96525 z"
sodipodi:nodetypes="sssssscssssscsssssscsccscccsssssccscccsssssssssssssssssssssssscsccccccccccsssssssssssssssssssssssss" /></g></g></svg>
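Review bot: The "Secretkey (Sym)" path still carries Inkscape editor metadata that a plain SVG renderer ignores: `inkscape:original-d` appears to repeat the full `d` path data verbatim, next to `inkscape:path-effect`, `inkscape:label` and `sodipodi:nodetypes`. Since the duplicated path string is the largest part of the element, consider exporting the figure as plain SVG (or running it through an SVG optimizer) before committing, unless the Inkscape source attributes are deliberately kept so the diagram stays editable; in that case a short note in the repository saying so would help later reviewers.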
