mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
ch4: add a note that the example key isn't password protected
Add link to ch5 for discussion of encrypted private key material.
This commit is contained in:
parent
134407ee2f
commit
a1fe545e88
2 changed files with 13 additions and 0 deletions
|
@ -306,6 +306,9 @@ Now that we've established the concepts of the components that OpenPGP certifica
|
||||||
|
|
||||||
We'll start with a very minimal version of [](alice_priv), stored as a *transferable secret key* ([RFC 10.2.](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#transferable-secret-keys)) (that is, including private key material).
|
We'll start with a very minimal version of [](alice_priv), stored as a *transferable secret key* ([RFC 10.2.](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#transferable-secret-keys)) (that is, including private key material).
|
||||||
|
|
||||||
|
Note that the secret key material we're using in this chapter is not password protected. To learn more about encrypting private key material with passwords in OpenPGP, see
|
||||||
|
{numref}`encrypted_secrets`.
|
||||||
|
|
||||||
In this section, we use the Sequoia-PGP tool `sq` to handle and transform our example OpenPGP key, and to inspect internal OpenPGP packet data.
|
In this section, we use the Sequoia-PGP tool `sq` to handle and transform our example OpenPGP key, and to inspect internal OpenPGP packet data.
|
||||||
|
|
||||||
One way to produce this minimal version of Alice's key is:
|
One way to produce this minimal version of Alice's key is:
|
||||||
|
|
|
@ -12,6 +12,16 @@
|
||||||
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-secret-keys
|
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-secret-keys
|
||||||
|
|
||||||
|
|
||||||
|
(encrypted_secrets)=
|
||||||
|
## Password protecting secret key material
|
||||||
|
|
||||||
|
```{admonition} TODO
|
||||||
|
:class: warning
|
||||||
|
|
||||||
|
S2K, symmetric encryption
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Private key operations
|
## Private key operations
|
||||||
|
|
||||||
The core of private key operations doesn't require access to the whole certificate. A private key subsystem only needs to handle the cryptographic key material.
|
The core of private key operations doesn't require access to the whole certificate. A private key subsystem only needs to handle the cryptographic key material.
|
||||||
|
|
Loading…
Reference in a new issue