diff --git a/book/source/03-cryptography.md b/book/source/03-cryptography.md
index 1130c53..58ab78e 100644
--- a/book/source/03-cryptography.md
+++ b/book/source/03-cryptography.md
@@ -1,5 +1,5 @@
(cyrptography_chapter)=
-# Cryptographic concepts/terms
+# Cryptographic concepts and terms
```{admonition} VISUAL
:class: warning
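Review bot: the anchor label `(cyrptography_chapter)=` on the first context line is misspelled ("cyrptography"), and since this hunk already retitles the chapter heading it would be the natural place to fix it. Renaming a MyST label changes the cross-reference target, so grep the rest of the book for `cyrptography_chapter` and update every reference in the same commit, otherwise the build will emit unresolved-reference warnings or broken links.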
@@ -24,15 +24,17 @@ Participants in symmetric-key operations need to exchange the shared secret over
- visualization? (maybe a black key icon, following wikipedia's example?)
```
-Symmetric-key cryptography is much faster than public-key cryptography. Also, most current symmetric cryptographic algorithms are considered quantum-resistant.
+### Benefits and downsides
-So symmetric-key cryptography has major benefits, but exchanging the shared secret is a problem that needs to be solved separately.
+Symmetric-key cryptography has major benefits: it is much faster than public-key cryptography (see below). Also, most current symmetric cryptographic algorithms are considered quantum-resistant.
-[Hybrid cryptosystems](hybrid_cryptosystems) are one common approach to leverage the benefits of symmetric-key cryptography, while handling the shared secret with a separate mechanism (using public-key cryptography).
+However, exchanging the required shared secret is a problem that needs to be solved separately.
+
+[Hybrid cryptosystems](hybrid_cryptosystems) (see below) are one common approach to leverage the benefits of symmetric-key cryptography, while handling the shared secret with a separate mechanism (using public-key cryptography).
### Symmetric-key cryptography in OpenPGP
-Symmetric cryptography is used in OpenPGP (as part of a hybrid cryptosystem).
+Symmetric cryptography is used in OpenPGP as part of a hybrid cryptosystem.
Where symmetric keys are used in OpenPGP, they are referred to as "session keys."
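Review bot: the sentence "most current symmetric cryptographic algorithms are considered quantum-resistant" in the new "Benefits and downsides" paragraph needs a qualifier on key size, because the resistance is conditional: Grover's algorithm roughly halves the effective key length, so a 128-bit symmetric key offers about 64-bit security against a quantum adversary while a 256-bit key (e.g. AES-256) is still considered safe. I would reword to something like "symmetric algorithms with sufficiently large keys (256-bit) are considered quantum-resistant". Also, "(see below)" is now added twice in two consecutive sentences; on the hybrid cryptosystems sentence it is redundant with the `[Hybrid cryptosystems](hybrid_cryptosystems)` cross-reference that already points the reader to that section, so I would drop the second occurrence.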
@@ -40,13 +42,13 @@ Where symmetric keys are used in OpenPGP, they are referred to as "session keys.
[Authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption) is a class of cryptographic schemes that gives additional guarantees besides confidentiality.
-In OpenPGP version 6, AEAD is used to solve the problem of "malleability": In past versions of the OpenPGP protocol, some malicious changes to ciphertext were undetectable. With AEAD undetected changes of ciphertext are not possible.
+In OpenPGP version 6, AEAD is used to solve the problem of "malleability": In past versions of the OpenPGP protocol, some malicious changes to ciphertext were undetectable. With AEAD, undetected changes of ciphertext are not possible.
## Public-key, or asymmetric cryptography
[Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) systems use asymmetric pairs of related keys. Public-key cryptographic systems support *encryption/decryption* and *digital signature* operations.
-Public-key cryptography doesn't require participants to have pre-arranged a shared secret.
+Public-key cryptography doesn't require participants to pre-arrange a shared secret.
### Asymmetric cryptographic key pairs
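Review bot: the rewritten AEAD sentence still overstates the guarantee: "undetected changes of ciphertext are not possible" should say that any modification of the ciphertext is detected and the message is rejected at decryption, which is the actual AEAD property (an attacker can still alter or destroy the ciphertext; what they cannot do is have the altered data decrypt successfully). A reader who takes "not possible" literally may conclude tampering cannot happen at all. Separately, in the lines visible here the acronym "AEAD" is used right after "Authenticated encryption" without being expanded; spell out "Authenticated Encryption with Associated Data (AEAD)" on first use, and consider naming the additional guarantees (integrity and authenticity) in the preceding sentence instead of "additional guarantees besides confidentiality".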
@@ -65,19 +67,10 @@ An asymmetric cryptographic key pair
- Heiko: maybe use colors + distinct shapes for the two key halves?
```
-An asymmetric cryptographic key pair consists of a public and a private part. In this document, we'll show the public part of key pair in green, and the private part in red.
-
-We'll usually visualize cryptographic key pairs in this more compact form:
-
-```{figure} diag/keypair.png
----
----
-Asymmetric key pair, more compact representation
-```
+An asymmetric cryptographic key pair consists of a public and a private part. In this document, we'll show the public part of a key pair in green, and the private part in red.
Note that in many contexts, only the public part is present (more on that later):
-
```{figure} diag/keypair_pub.png
---
---
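Review bot: the deleted blank line between "Note that in many contexts, only the public part is present (more on that later):" and the `{figure} diag/keypair_pub.png` directive looks unintentional; elsewhere in this file directives are separated from the preceding paragraph by a blank line, and keeping that spacing avoids relying on the fenced block interrupting the paragraph. Also, this hunk removes the only visible reference to `diag/keypair.png` (the "more compact representation" figure) but the patch does not delete that asset, so either remove the image file in the same commit or confirm it is still referenced elsewhere; otherwise it becomes an orphaned diagram that drifts out of sync with `cryptographic_keys.svg`.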
@@ -88,7 +81,9 @@ Only the public part of an asymmetric key pair
OpenPGP makes heavy use of public-key cryptography, both for encryption and signing operations.
-Note that, for historical reasons, OpenPGP often uses the terms "public/secret key" instead of "public/private key." The OpenPGP RFC and other documentation often use the non-standard term "secret key" instead of the more common "private key."
+Note that, for historical reasons, the OpenPGP RFC and other documentation often use the non-standard term "secret key" instead of the more common "private key."
+
+So in OpenPGP, the pair of terms "public/secret key" is sometimes used instead of the more common "public/private key."
### Cryptographic digital signatures
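Review bot: the two new paragraphs say nearly the same thing twice ("use the non-standard term 'secret key' instead of the more common 'private key'" and then "the pair of terms 'public/secret key' is sometimes used instead of the more common 'public/private key'"); fold them into one paragraph. What the reader actually needs and does not get from either version is a statement of which term this document itself uses from here on, e.g. "This document uses 'private key' throughout, except when quoting the RFC", so that the terminology note settles the question instead of just raising it.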
diff --git a/book/source/diag/cryptographic_keys.png b/book/source/diag/cryptographic_keys.png
index 7e6b057..c8883cf 100644
Binary files a/book/source/diag/cryptographic_keys.png and b/book/source/diag/cryptographic_keys.png differ
diff --git a/book/source/diag/cryptographic_keys.svg b/book/source/diag/cryptographic_keys.svg
index df4bc1b..2d5d57d 100644
--- a/book/source/diag/cryptographic_keys.svg
+++ b/book/source/diag/cryptographic_keys.svg
@@ -2,12 +2,12 @@
+ inkscape:current-layer="layer1"
+ inkscape:export-bgcolor="#ffffffff" />
-
- public cryptographic key
+ x="107.71756"
+ y="77.314079">public cryptographic key
private cryptographic key
+ x="106.57175"
+ y="84.962532">private cryptographic key
+
+
+
+
+ cryptographic keypair
+
+
+
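Review bot: the added `inkscape:current-layer="layer1"` and `inkscape:export-bgcolor="#ffffffff"` attributes are Inkscape editor state rather than graphic content, and committing them means every future save will churn this SVG diff with unrelated metadata; consider exporting as plain SVG (or stripping the `inkscape:` namespace attributes) so that diffs only show real changes such as the repositioned "public cryptographic key" and "private cryptographic key" labels and the new "cryptographic keypair" label. Since `cryptographic_keys.png` is also changed in this patch, please confirm the PNG was re-exported from this exact SVG revision so the two stay in sync.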