mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 10:02:06 +01:00
ch5: outline sketch
This commit is contained in:
parent
61d5b010f8
commit
e5500ac6f8
1 changed files with 21 additions and 4 deletions
|
@ -1,8 +1,25 @@
|
||||||
(private_key_chapter)=
|
(private_key_chapter)=
|
||||||
# Private key material
|
# Private keys
|
||||||
|
|
||||||
```
|
```
|
||||||
- Consistently consider private key material as a separate thing from Certificates? (like in pkcs#11?)
|
- Consistently consider private key material as a separate thing from Certificates? (like in pkcs#11?)
|
||||||
- consider KOpenPGP attack
|
|
||||||
- For TSKs: Best practices S2K + S2K migration?
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Transferable secret keys
|
||||||
|
|
||||||
|
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-secret-keys
|
||||||
|
|
||||||
|
|
||||||
|
## Private key operations
|
||||||
|
|
||||||
|
The core of private key operations doesn't require access to the whole certificate. A private key subsystem only needs to handle the cryptographic key material.
|
||||||
|
|
||||||
|
### OpenPGP card for private keys
|
||||||
|
|
||||||
|
[OpenPGP card](https://en.wikipedia.org/wiki/OpenPGP_card) devices are a type of hardware security device. They are one popular way to handle OpenPGP private key material. These devices do not store the full OpenPGP certificate.
|
||||||
|
|
||||||
|
## Advanced topics
|
||||||
|
|
||||||
|
### TSKs: Best practices S2K + S2K migration?
|
||||||
|
|
||||||
|
### The KOpenPGP attack
|
||||||
|
|
Loading…
Reference in a new issue