ch4: add a note that the example key isn't password protected

Add link to ch5 for discussion of encrypted private key material.
Heiko Schaefer 2023-10-10 12:52:14 +02:00
parent 134407ee2f
commit a1fe545e88
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
2 changed files with 13 additions and 0 deletions

@ -306,6 +306,9 @@ Now that we've established the concepts of the components that OpenPGP certifica
We'll start with a very minimal version of [](alice_priv), stored as a *transferable secret key* ([RFC 10.2.](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#transferable-secret-keys)) (that is, including private key material). We'll start with a very minimal version of [](alice_priv), stored as a *transferable secret key* ([RFC 10.2.](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#transferable-secret-keys)) (that is, including private key material).
Note that the secret key material we're using in this chapter is not password protected. To learn more about encrypting private key material with passwords in OpenPGP, see
{numref}`encrypted_secrets`.
In this section, we use the Sequoia-PGP tool `sq` to handle and transform our example OpenPGP key, and to inspect internal OpenPGP packet data. In this section, we use the Sequoia-PGP tool `sq` to handle and transform our example OpenPGP key, and to inspect internal OpenPGP packet data.
One way to produce this minimal version of Alice's key is: One way to produce this minimal version of Alice's key is:
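
Review bot: the two added sentences switch terms mid-note, with "secret key material" in the first and "private key material" in the second, directly after a context line that describes a *transferable secret key* as "including private key material". Use one term in both sentences (for instance "private key material") so readers do not assume two different things are meant. A smaller point: the context line cross-references with `[](alice_priv)` while the new line uses `{numref}`, which only renders usefully if the target section is numbered; it is worth confirming that in the built output or using the same link form as the surrounding text.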

@ -12,6 +12,16 @@
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-secret-keys https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-secret-keys
(encrypted_secrets)=
## Password protecting secret key material
```{admonition} TODO
:class: warning
S2K, symmetric encryption
```
## Private key operations ## Private key operations
The core of private key operations doesn't require access to the whole certificate. A private key subsystem only needs to handle the cryptographic key material. The core of private key operations doesn't require access to the whole certificate. A private key subsystem only needs to handle the cryptographic key material.
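
Review bot: the `(encrypted_secrets)=` target that ch4 now points to resolves to a section whose entire body is a TODO admonition ("S2K, symmetric encryption"), so a reader who follows the new ch4 pointer to learn about password protection lands on a placeholder. Consider adding a short paragraph above the admonition that says what the section will cover, so the cross-reference from ch4 has something to land on until the content is written.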