From a1fe545e884db81a469fa3950c1ef82aa4d04b47 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Tue, 10 Oct 2023 12:52:14 +0200 Subject: [PATCH] ch4: add a note that the example key isn't password protected Add link to ch5 for discussion of encrypted private key material. --- book/source/04-certificates.md | 3 +++ book/source/05-private.md | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index 9f88ca0..7790c74 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -306,6 +306,9 @@ Now that we've established the concepts of the components that OpenPGP certifica We'll start with a very minimal version of [](alice_priv), stored as a *transferable secret key* ([RFC 10.2.](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#transferable-secret-keys)) (that is, including private key material). +Note that the secret key material we're using in this chapter is not password protected. To learn more about encrypting private key material with passwords in OpenPGP, see +{numref}`encrypted_secrets`. + In this section, we use the Sequoia-PGP tool `sq` to handle and transform our example OpenPGP key, and to inspect internal OpenPGP packet data. One way to produce this minimal version of Alice's key is: diff --git a/book/source/05-private.md b/book/source/05-private.md index ae4d001..a0bf8de 100644 --- a/book/source/05-private.md +++ b/book/source/05-private.md @@ -12,6 +12,16 @@ https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-secret-keys +(encrypted_secrets)= +## Password protecting secret key material + +```{admonition} TODO +:class: warning + +S2K, symmetric encryption +``` + + ## Private key operations The core of private key operations doesn't require access to the whole certificate. A private key subsystem only needs to handle the cryptographic key material.
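Review bot: In the 04-certificates.md hunk, the added note uses two terms for the same thing: "secret key material" in its first sentence and "private key material" in its second. The heading added in 05-private.md says "secret key material", so pick one term and use it in both sentences. The new cross-reference is written as {numref}`encrypted_secrets`, while the unchanged context line just above it links with `[](alice_priv)`. Please confirm that numref resolves for a section label in this build, since it relies on section numbering being enabled, or use the same link form as the neighbouring reference.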
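Review bot: In the 05-private.md hunk, the new "Password protecting secret key material" section contains only a TODO admonition ("S2K, symmetric encryption"), yet the note added to chapter 4 in this same patch tells readers to go there to learn about encrypting private key material. Until the section is written, a reader who has just been told the example key is unprotected lands on a placeholder. Consider adding one or two sentences under the heading that at least name the mechanism the TODO lists, so the cross-reference has something to resolve to. Minor: the hunk adds two blank lines before "## Private key operations" where one would do.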