From e5500ac6f86cb875f7e98a4770c3e2626a61c208 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sat, 23 Sep 2023 17:35:22 +0200 Subject: [PATCH] ch5: outline sketch --- book/source/05-private.md | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/book/source/05-private.md b/book/source/05-private.md index dd0a27d..f4c11a7 100644 --- a/book/source/05-private.md +++ b/book/source/05-private.md @@ -1,8 +1,25 @@ (private_key_chapter)= -# Private key material +# Private keys ``` - Consistently consider private key material as a separate thing from Certificates? (like in pkcs#11?) -- consider KOpenPGP attack -- For TSKs: Best practices S2K + S2K migration? -``` \ No newline at end of file +``` + +## Transferable secret keys + +https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-secret-keys + + +## Private key operations + +The core of private key operations doesn't require access to the whole certificate. A private key subsystem only needs to handle the cryptographic key material. + +### OpenPGP card for private keys + +[OpenPGP card](https://en.wikipedia.org/wiki/OpenPGP_card) devices are a type of hardware security device. They are one popular way to handle OpenPGP private key material. These devices do not store the full OpenPGP certificate. + +## Advanced topics + +### TSKs: Best practices S2K + S2K migration? + +### The KOpenPGP attack
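Review bot: the new `## Transferable secret keys` section consists of nothing but a bare URL to draft-ietf-openpgp-crypto-refresh-10; Internet-Draft URLs are versioned and go stale once the document is superseded or published as an RFC, so consider giving the section at least one sentence of body text (what a TSK is and how it relates to the certificate) and citing the draft by name with the URL as a link target rather than as a standalone line. Two of the new headings, `### TSKs: Best practices S2K + S2K migration?` and `### The KOpenPGP attack`, have no body at all; if they are intentionally placeholders for this outline sketch, a short TODO line under each would make that explicit and keep the rendered chapter from ending in empty sections. The retained fenced block at the top of the file (`- Consistently consider private key material as a separate thing from Certificates? (like in pkcs#11?)`) is an editorial note, not code, and now renders as an unlabelled code block; consider moving it into a TODO comment or admonition in the same style as the other placeholders, or dropping it once the `## Private key operations` text (which already states that the private key subsystem only needs the cryptographic key material, not the whole certificate) is considered to answer it.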