mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-26 17:42:06 +01:00
Merge pull request 'Add numbering for all figures in flat hierarchy and add alt-text and names for all figures' (#132) from dvzrv/numfig_and_alt_text into draft
Reviewed-on: https://codeberg.org/openpgp/notes/pulls/132
This commit is contained in:
commit
f6a07df24a
8 changed files with 58 additions and 10 deletions
|
@ -39,8 +39,9 @@ For detailed information on KDFs and their role in the OpenPGP protocol, see the
|
||||||
Participants in symmetric-key operations need to exchange the shared secret over a secure channel.
|
Participants in symmetric-key operations need to exchange the shared secret over a secure channel.
|
||||||
|
|
||||||
```{figure} diag/symmetric_key.png
|
```{figure} diag/symmetric_key.png
|
||||||
---
|
:name: fig-symmetric-key
|
||||||
---
|
:alt: Depicts a box with a white background and the title "Symmetric key". In the box a single key symbol, rendered with full yellow line, is shown pointing to the right hand side.
|
||||||
|
|
||||||
A symmetric cryptographic key (which acts as a shared secret)
|
A symmetric cryptographic key (which acts as a shared secret)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
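Review bot: the new `:alt:` for `diag/symmetric_key.png` spends most of its words on rendering details ("box with a white background", "rendered with full yellow line, is shown pointing to the right hand side") rather than on what the figure conveys, which is a single key that both parties share; for a screen-reader user the meaning matters more than the colour and stroke style, so consider leading with "A single symmetric key, used as a shared secret" and keeping the visual description short. The same applies to the other alt texts in this PR.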
@ -90,8 +91,9 @@ Unlike symmetric cryptography, participants are not required to pre-arrange a sh
|
||||||
Throughout this document, we will frequently reference asymmetric cryptographic key pairs:
|
Throughout this document, we will frequently reference asymmetric cryptographic key pairs:
|
||||||
|
|
||||||
```{figure} diag/asymmetric_keypair.png
|
```{figure} diag/asymmetric_keypair.png
|
||||||
---
|
:name: fig-asymmetric-keypair
|
||||||
---
|
:alt: Depicts a box with white background and the title "Asymmetric keypair". In the box two key symbols with text next to them are shown. The top key symbol is rendered using full green lines, points to the right hand side and has the accompanying text "Public key". The lower key symbol is rendered using dotted red lines, points to the left hand side and has the accompanying text "Private key".
|
||||||
|
|
||||||
An asymmetric cryptographic key pair
|
An asymmetric cryptographic key pair
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -100,8 +102,9 @@ Each key pair comprises two parts: the public key and the private key. For ease
|
||||||
It's important to note that in many scenarios, only the public key is exposed or used (we will expand on these situations in subsequent sections):
|
It's important to note that in many scenarios, only the public key is exposed or used (we will expand on these situations in subsequent sections):
|
||||||
|
|
||||||
```{figure} diag/public_key.png
|
```{figure} diag/public_key.png
|
||||||
---
|
:name: fig-public-key
|
||||||
---
|
:alt: Depicts a box with white background and the title "Public part of an asymmetric keypair". In the box one key symbol with text next to it is shown. The key symbol is rendered using full green lines, points to the right hand side and has the accompanying text "Public key".
|
||||||
|
|
||||||
The public parts of an asymmetric key pair
|
The public parts of an asymmetric key pair
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -41,6 +41,8 @@ An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number
|
||||||
This documentation collectively refers to component keys and identity components as "the components of a certificate."
|
This documentation collectively refers to component keys and identity components as "the components of a certificate."
|
||||||
|
|
||||||
```{figure} diag/OpenPGP_Certificate.png
|
```{figure} diag/OpenPGP_Certificate.png
|
||||||
|
:name: fig-openpgp-certificate
|
||||||
|
:alt: Depicts a box with white background and the title "OpenPGP certificate". In the box several other boxes and accompanying texts, representing component keys and User IDs, are shown. There are three component keys boxes with a green frame, each with a dotted lower-left section, that shows the text "key creation time" and the green public key symbol in the lower right area. All three have a title, a unique fingerprint below the box and a unique capability keyword, perpendicular to the box on the right side. The top-most component key box has a light-green background, with the title "Component Key (primary)" and capability keyword "certification". The second-to-top component key box has a white background, with the title "Component Key" and capability keyword "encryption". The lowest component key box has a white background, with the title "Component Key" and capability keyword "signing". There are two User ID boxes, each with a black frame, open to top left and lower right corner. Both boxes have a user icon on the top left side, the title "User ID" on the top right side and a User ID string at the bottom. The top box has "Alice Adams <alice@example.org>" and the lower box has "Alice" as User ID string.
|
||||||
|
|
||||||
Typical components in an OpenPGP certificate
|
Typical components in an OpenPGP certificate
|
||||||
```
|
```
|
||||||
|
@ -60,6 +62,8 @@ OpenPGP component keys logically consist of an [asymmetric cryptographic keypair
|
||||||
[^ecdh-parameters]: For [ECDH](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-algorithm-specific-part-for-ecd) component keys, two additional algorithm parameters are integral to the component key's constitutive and immutable properties. Those parameters specify a hash function and a symmetric encryption algorithm.
|
[^ecdh-parameters]: For [ECDH](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-algorithm-specific-part-for-ecd) component keys, two additional algorithm parameters are integral to the component key's constitutive and immutable properties. Those parameters specify a hash function and a symmetric encryption algorithm.
|
||||||
|
|
||||||
```{figure} diag/Component_Key.svg
|
```{figure} diag/Component_Key.svg
|
||||||
|
:name: fig-component-key
|
||||||
|
:alt: Depicts a box with white background and no title. In the box one other box is shown. The inner box has a green frame, with a dotted lower-left section, that shows the text "key creation time" and the green public key symbol, as well as the red-dotted private key symbol in the lower right area. In the top left of the inner box the text reads "Component Key".
|
||||||
|
|
||||||
An OpenPGP component key
|
An OpenPGP component key
|
||||||
```
|
```
|
||||||
|
@ -71,6 +75,8 @@ Component keys containing private key material also include metadata specifying
|
||||||
Each OpenPGP component key possesses an *OpenPGP fingerprint*. This fingerprint is derived from the public key material, the creation timestamp, and, when relevant, the ECDH parameters.
|
Each OpenPGP component key possesses an *OpenPGP fingerprint*. This fingerprint is derived from the public key material, the creation timestamp, and, when relevant, the ECDH parameters.
|
||||||
|
|
||||||
```{figure} diag/Fingerprint.png
|
```{figure} diag/Fingerprint.png
|
||||||
|
:name: fig-fingerprint
|
||||||
|
:alt: Depicts a box with white background and the title "Fingerprint of an OpenPGP component key". Inside, another box with a green frame, the title "Component Key", the text "key creation time" on the lower left and a the green public key symbol on the lower right is shown. Below the component key box a fingerprint in a box with a light-yellow background and a yellow dotted line is depicted. The word "Fingerprint" is shown left of the box with the fingerprint and both are connected with a yellow dotted line.
|
||||||
|
|
||||||
Every OpenPGP component key is identifiable by a fingerprint. Although it's technically possible for different keys to share a fingerprint, cryptographic mechanisms make it exceedingly difficult, if not practically impossible with current technology, to find keys that share a fingerprint.
|
Every OpenPGP component key is identifiable by a fingerprint. Although it's technically possible for different keys to share a fingerprint, cryptographic mechanisms make it exceedingly difficult, if not practically impossible with current technology, to find keys that share a fingerprint.
|
||||||
```
|
```
|
||||||
|
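Review bot: typo in the new `:alt:` text for `diag/Fingerprint.png`: "the text "key creation time" on the lower left and a the green public key symbol on the lower right" has a stray article; change "a the green public key symbol" to "the green public key symbol".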
@ -101,7 +107,7 @@ Modern OpenPGP certificates typically include several subkeys in addition to the
|
||||||
While subkeys have the same structural attributes as the primary key, they fulfill different roles. Subkeys are cryptographically linked with the primary key, a relationship further discussed in {numref}`binding_subkeys`.
|
While subkeys have the same structural attributes as the primary key, they fulfill different roles. Subkeys are cryptographically linked with the primary key, a relationship further discussed in {numref}`binding_subkeys`.
|
||||||
|
|
||||||
```{figure} diag/Subkeys.png
|
```{figure} diag/Subkeys.png
|
||||||
:name: Certificate with subkeys
|
:name: fig-subkeys
|
||||||
:alt: Diagram depicting three component keys. The primary key is positioned at the top, designated for certification. Below it, connected by arrows, are two subkeys labeled as "for encryption" and "for signing," respectively.
|
:alt: Diagram depicting three component keys. The primary key is positioned at the top, designated for certification. Below it, connected by arrows, are two subkeys labeled as "for encryption" and "for signing," respectively.
|
||||||
|
|
||||||
OpenPGP certificates can contain multiple subkeys.
|
OpenPGP certificates can contain multiple subkeys.
|
||||||
|
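Review bot: the rename from `:name: Certificate with subkeys` to `:name: fig-subkeys` brings this figure in line with the `fig-*` labels added everywhere else in this PR, but since it changes an existing label rather than adding a new one, please grep the book for `{numref}` or `{ref}` uses of the old value so no cross-reference is left dangling; a stale reference to a renamed figure label only surfaces as a build warning.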
@ -151,6 +157,8 @@ Identity components in an OpenPGP certificate are used by the certificate holder
|
||||||
OpenPGP certificates can contain multiple [User IDs](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-user-id-packet-tag-13). Each User ID associates the certificate with an identity.
|
OpenPGP certificates can contain multiple [User IDs](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-user-id-packet-tag-13). Each User ID associates the certificate with an identity.
|
||||||
|
|
||||||
```{figure} diag/user_ids.png
|
```{figure} diag/user_ids.png
|
||||||
|
:name: fig-user-ids
|
||||||
|
:alt: Depicts a diagram with white background and the title "User IDs". Inside, a public primary component key for certification and a User ID is shown. A green arrow points from component key to User ID and is annotated with a signature.
|
||||||
|
|
||||||
OpenPGP certificates can contain any number of User IDs
|
OpenPGP certificates can contain any number of User IDs
|
||||||
```
|
```
|
||||||
|
|
|
@ -20,6 +20,8 @@ In this text, we treat the private key material as logically separate from the O
|
||||||
|
|
||||||
|
|
||||||
```{figure} diag/OpenPGPCert_with_privatekeystore.png
|
```{figure} diag/OpenPGPCert_with_privatekeystore.png
|
||||||
|
:name: fig-openpgp-certificate-with-private-key-store
|
||||||
|
:alt: Depicts a diagram on white background with an OpenPGP Certificate and a private key store. Gray dotted lines connect the green public key symbols of the OpenPGP Certificate with red dotted private key symbols in the private key store.
|
||||||
|
|
||||||
An OpenPGP certificate, with the associated private key material handled by a key store subsystem.
|
An OpenPGP certificate, with the associated private key material handled by a key store subsystem.
|
||||||
```
|
```
|
||||||
|
@ -39,6 +41,8 @@ Transferable secret keys are sometimes colloquially referred to as "OpenPGP priv
|
||||||
Sometimes users handle OpenPGP certificates combined with private key material in the form of *transferable secret keys* (TSK). Transferable secret keys are a serialized format that combines the OpenPGP certificate data with the connected private key material, stored in a single file.
|
Sometimes users handle OpenPGP certificates combined with private key material in the form of *transferable secret keys* (TSK). Transferable secret keys are a serialized format that combines the OpenPGP certificate data with the connected private key material, stored in a single file.
|
||||||
|
|
||||||
```{figure} diag/TSK.png
|
```{figure} diag/TSK.png
|
||||||
|
:name: fig-transferable-secret-key
|
||||||
|
:alt: Depicts a box on white background with the title "Transferable secret key". It is identical to the figure depicting an OpenPGP certificate, with the exception, that in each component key box, below the green public key symbol, also the red dotted private key symbol is shown.
|
||||||
|
|
||||||
OpenPGP certificate with integrated private key material, as a TSK
|
OpenPGP certificate with integrated private key material, as a TSK
|
||||||
```
|
```
|
||||||
|
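Review bot: the new `:alt:` for `diag/TSK.png` describes the figure only relative to another one ("It is identical to the figure depicting an OpenPGP certificate, with the exception, that ..."), which does not help a screen-reader user who has not just heard the certificate figure; describe the TSK figure on its own terms (the component key boxes, each showing both the green public key symbol and the red dotted private key symbol), and drop the comma after "exception".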
@ -61,6 +65,8 @@ Using a passphrase can be useful when a third party can obtain a copy of the Ope
|
||||||
OpenPGP defines a mechanism called [string-to-key (S2K)](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-11.html#name-string-to-key-s2k-specifier) that is used to derive (high-entropy) symmetric encryption keys from (lower-entropy) passphrases, using a [key derivation function (KDF)](https://en.wikipedia.org/wiki/Key_derivation_function).
|
OpenPGP defines a mechanism called [string-to-key (S2K)](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-11.html#name-string-to-key-s2k-specifier) that is used to derive (high-entropy) symmetric encryption keys from (lower-entropy) passphrases, using a [key derivation function (KDF)](https://en.wikipedia.org/wiki/Key_derivation_function).
|
||||||
|
|
||||||
```{figure} diag/passphrase_using_S2K.png
|
```{figure} diag/passphrase_using_S2K.png
|
||||||
|
:name: fig-passphrase-using-s2k
|
||||||
|
:alt: Depicts a diagram on white background with the title "Converting a passphrase into a symmetric key". On the left hand side a box with dotted yellow frame and light yellow background and the text "correct horse battery staple" is shown. It is connected by a dotted yellow line with the word "Passphrase". Right of the passphrase an arrow with green dotted frame, light green background and the text "S2K mechanism (string-to-key)", pointing to the right is shown. On the right hand side the yellow symmetric key symbol is shown.
|
||||||
|
|
||||||
Transforming a passphrase into a symmetric key
|
Transforming a passphrase into a symmetric key
|
||||||
```
|
```
|
||||||
|
|
|
@ -17,6 +17,8 @@ Within OpenPGP, the term *signature* can have two different meanings:
|
||||||
- **OpenPGP signature packets**: Defined in the [OpenPGP standard](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-signature-packet-type-id-2), these packets combine a raw cryptographic signature along with a *type* designation and additional metadata.
|
- **OpenPGP signature packets**: Defined in the [OpenPGP standard](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-signature-packet-type-id-2), these packets combine a raw cryptographic signature along with a *type* designation and additional metadata.
|
||||||
|
|
||||||
```{figure} diag/meaning_of_signatures.png
|
```{figure} diag/meaning_of_signatures.png
|
||||||
|
:name: fig-meaning-of-signatures
|
||||||
|
:alt: Depicts a box on white background with the title "Meanings of signature in OpenPGP", "signature" in italics. The top half of the box shows a green seal symbol with the word "sig" in it on the left side. The symbol is connected to the text "Cryptographic signature" by a black dotted line. The bottom half of the box shows a diagram. On the left hand side a box with green dotted frame and white background provides the title "Signature type", while inside the box the text reads "Signature over Signature data, Signature metadata". The words "Signature metadata" serve as title for a yellow box at the lower half of the signature type box. The yellow box also contains a cryptographic signature symbol. Right of the signature type box, the text "OpenPGP signature packet" is shown, which is connected to the box by a green dotted line. Below the text a list is shown, which reads "signature type, signature over input data, additional metadata and cryptographic signature". The last item is connected to the cryptographic signature symbol in the yellow box by a black dotted line.
|
||||||
|
|
||||||
Two meanings of the term "signature" in OpenPGP
|
Two meanings of the term "signature" in OpenPGP
|
||||||
```
|
```
|
||||||
|
@ -39,6 +41,8 @@ Signatures on components are a complex topic, and we discuss them in depth in {r
|
||||||
- the nature of the statement made by the signature, such as certifying an identity or binding component keys into a certificate
|
- the nature of the statement made by the signature, such as certifying an identity or binding component keys into a certificate
|
||||||
|
|
||||||
```{figure} mermaid/sig-types.png
|
```{figure} mermaid/sig-types.png
|
||||||
|
:name: fig-signature-types
|
||||||
|
:alt: Depicts a diagram, describing different types of OpenPGP signatures. On the right hand side a long yellow box with the title "Signature Types and Targets" is shown, which contains signature type IDs and their names (in gray boxes) and further yellow boxes, grouping other types of signature type IDs. At the top the signature type ID "0x02 Standalone" is shown. Below, another yellow box groups the "Signature Packet"s "0x50 Third-Party Confirmation" and "0x40 Timestamp". Another box groups types of signatures, that apply to "Data" packets "0x00 Binary Data" and "0x01 Canonical Text". Below, a box groups types of signatures, that apply to "Primary Key + User ID/ Attr. Packet"s. The type IDs "0x10 Generic Certification", "0x11 Persona Certification", "0x12 Casual Certification" and "0x13 Positive Certification" are shown together in one gray box and "0x30 Certification Revocation" in another. Another yellow box groups types of signatures, that apply to "Primary Key" packets "0x1F Direct-Key Signature" and "0x20 Key Revocation". The last box groups types of signatures, that apply to "Primary + Subkey" packets. "0x18 Subkey Binding" and "0x19 Primary Key Binding" are shown together in one gray box, "0x28 Subkey Revocation" in another. On the left hand side of the diagram shows gray boxes identifying different types of signatures, with the most basic being "OpenPGP Signature" on the far left. With arrows it points to further signature types ("Signature on Data", "Signature on Component") and several signature type IDs ("0x02", "0x50" and "0x40"). The signature type "Signature on Data" points to "0x00" and "0x01". The signature type "Signature on Component" points to two more specific signature types, namely "Third-Party" and "Self-Signature". "Third-Party" points at the group of "0x10", "0x11", "0x12" and "0x13", as well as "0x30" and "0x1F". 
"Self-Signature" points at the group of "0x10", "0x11", "0x12" and "0x13", as well as "0x30", "0x1F", the group of "0x18" and "0x19" and finally "0x28".
|
||||||
|
|
||||||
An overview of signature types in OpenPGP
|
An overview of signature types in OpenPGP
|
||||||
```
|
```
|
||||||
|
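Review bot: the `:alt:` value for `mermaid/sig-types.png` is broken across two source lines, with the continuation (starting `"Self-Signature" points at the group of ...`) not indented; if that line break is in the source file and not only in the rendered view, the option parser will end the option value at the first line and the remainder will not be part of the alt attribute. Join the two lines (or indent the continuation under `:alt:`).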
@ -56,6 +60,8 @@ As outlined above, an OpenPGP signature is a composite data structure, which com
|
||||||
- **Raw cryptographic signature**
|
- **Raw cryptographic signature**
|
||||||
|
|
||||||
```{figure} diag/signature_packet.png
|
```{figure} diag/signature_packet.png
|
||||||
|
:name: fig-signature-packet
|
||||||
|
:alt: Depicts a diagram with the title "A signature packet". On the left hand side a box with green dotted frame and white background provides the title "Signature type", while inside the box the text reads "Signature over Signature data, Signature metadata". The words "Signature metadata" serve as title for a yellow box at the lower half of the signature type box. The yellow box also contains a cryptographic signature symbol. Right of the signature type box, the text "OpenPGP signature packet" is shown, which is connected to the box by a green dotted line. Below the text a list is shown, which reads "signature type, signature over input data, additional metadata and raw cryptographic signature". The last item is connected to the cryptographic signature symbol in the yellow box by a black dotted line.
|
||||||
|
|
||||||
Structure of an OpenPGP signature packet
|
Structure of an OpenPGP signature packet
|
||||||
```
|
```
|
||||||
|
@ -79,6 +85,8 @@ The signature packet consists of two parts:
|
||||||
- The signature is then calculated for this hash digest.
|
- The signature is then calculated for this hash digest.
|
||||||
|
|
||||||
```{figure} diag/Signature_Creation.png
|
```{figure} diag/Signature_Creation.png
|
||||||
|
:name: fig-signature-creation
|
||||||
|
:alt: Depicts a complex diagram with white background and the title "Signature creation". On the top left side a box with black frame and white background reads "Input Data packets, One or more packets". Below it the symbol of a signature packet is shown (however, instead of the green signature symbol, only a circle with white background and dotted frame is shown). Both are connected (via green dotted arrows) to a green, right pointing arrow symbol with green dotted frame and the title "Hash mechanism". Text above the green arrow symbol reads "A hash digest is calculated from the input data packets and the signature metadata". The "Hash mechanism" arrow points at a box with white background and green frame, which reads "hash digest". At the top right corner of the diagram the symbol for a component key with both public and private key and the title "Signer private key" is shown. Both hash digest and component key symbol point to a large green arrow symbol, with green dotted frame, at the lower right corner of the diagram, using green dotted arrow lines. The large arrow symbol has the title "Signing mechanism" and text overlaid across it reads "A cryptographic signature is calculated over the hash digest, using the private key material of the signer.". It points at a cryptographic signature symbol at the bottom of the diagram. The cryptographic signature symbol is connected (via a green dotted arrow line) to the circle with white background and dotted green frame in the signature packet symbol.
|
||||||
|
|
||||||
Creating a signature in OpenPGP
|
Creating a signature in OpenPGP
|
||||||
```
|
```
|
||||||
|
@ -95,6 +103,8 @@ The main differences:
|
||||||
After calculating the hash digest from the input data, a signature verification mechanism is employed. This mechanism uses the hash digest, the cryptographic signature from the signature packet, and the public key of the signer. Its purpose is to ascertain the cryptographic validity of the signature.
|
After calculating the hash digest from the input data, a signature verification mechanism is employed. This mechanism uses the hash digest, the cryptographic signature from the signature packet, and the public key of the signer. Its purpose is to ascertain the cryptographic validity of the signature.
|
||||||
|
|
||||||
```{figure} diag/Signature_Verification.png
|
```{figure} diag/Signature_Verification.png
|
||||||
|
:name: fig-signature-verification
|
||||||
|
:alt: Depicts a complex diagram with white background and the title "Signature verification". On the top left side a box with black frame and white background reads "Input Data packets, One or more packets". Below it the symbol of a signature packet is shown. Both are connected (via green dotted arrows) to a green, right pointing arrow symbol with green dotted frame and the title "Hash mechanism". Text above the green arrow symbol reads "A hash digest is calculated from the input data packates and the signature metadata". The "Hash mechanism" arrow points at a box with white background and green frame, which reads "hash digest". At the top right corner of the diagram the symbol for a component key with only public key and the title "Signer public key" is shown. Hash digest, component key symbol and the cryptographic signature symbol in the signature packet point to a large green arrow symbol, with green dotted frame, at the lower right corner of the diagram, using green dotted arrow lines. The large arrow symbol has the title "Signature verification mechanism" and text overlaid across it reads "A cryptographic signature is verified against the hash digest, using the public key of the signer.". It points at a success and fail symbol at the bottom of the diagram.
|
||||||
|
|
||||||
Verifying a signature in OpenPGP
|
Verifying a signature in OpenPGP
|
||||||
```
|
```
|
||||||
|
|
|
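Review bot: typo in the new `:alt:` text for `diag/Signature_Verification.png`: "A hash digest is calculated from the input data packates" should read "packets" (the corresponding sentence in the `Signature_Creation.png` alt text has it right).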
@ -101,6 +101,8 @@ A subkey binding signature binds a subkey to a primary key, and adds metadata in
|
||||||
(Note that subkeys that have the *signing* [key flag](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-flags) are a special case, and are handled slightly differently. See {numref}`bind_subkey_sign`.)
|
(Note that subkeys that have the *signing* [key flag](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-flags) are a special case, and are handled slightly differently. See {numref}`bind_subkey_sign`.)
|
||||||
|
|
||||||
```{figure} diag/subkey_binding_signature.png
|
```{figure} diag/subkey_binding_signature.png
|
||||||
|
:name: fig-subkey-binding-signature
|
||||||
|
:alt: Depicts a diagram on white background with the title "Subkey binding signature". At the top left the symbol of a primary component key with certification capability is shown. At the bottom left the symbol of a component key with encryption capability is shown. The primary component key points at the lower component key with a full green arrow line. In the middle of the connection the small symbol of a signature packet is shown. On the right side of the diagram a detailed version of the signature packet can be found in a box with the title "Subkey binding signature". The text reads "Signature over Primary key, Subkey" and the box with "Signature metadata" contains the list "signature creation time", "key expiration time", "key flags" and "issuer fingerprint". The primary component key points at the detailed signature packet with a dotted green arrow line and the text "Primary key creates a subkey binding signature to bind the subkey to the primary key".
|
||||||
|
|
||||||
Linking an OpenPGP subkey to the primary key with a binding signature
|
Linking an OpenPGP subkey to the primary key with a binding signature
|
||||||
```
|
```
|
||||||
|
@ -127,6 +129,8 @@ This is to prevent an attack where the attacker "adopts" the victims signing sub
|
||||||
In contrast to the [subkey binding signature](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-subkey-binding) (type ID `0x18`), which is issued by the certificate's primary key, the [primary key binding signature](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#sigtype-primary-binding) (type ID `0x19`) is instead created by the subkey (informally also called an embedded "back signature").
|
In contrast to the [subkey binding signature](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-subkey-binding) (type ID `0x18`), which is issued by the certificate's primary key, the [primary key binding signature](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#sigtype-primary-binding) (type ID `0x19`) is instead created by the subkey (informally also called an embedded "back signature").
|
||||||
|
|
||||||
```{figure} diag/subkey_binding_signatur_for_signing_sk.png
|
```{figure} diag/subkey_binding_signatur_for_signing_sk.png
|
||||||
|
:name: fig-subkey-binding-signature-for-signing-subkeys
|
||||||
|
:alt: Depicts a diagram on white background with the title "Subkey binding signature for signing subkeys". At the top left the symbol of a primary component key with certification capability is shown. At the bottom left the symbol of a component key with signing capability is shown. The primary component key points at the lower component key with a full green arrow line. In the middle of the connection the small symbol of a signature packet is shown. On the right side of the diagram a detailed version of the signature packet can be found in a box with the title "Subkey binding signature". The text reads "Signature over Primary key, Subkey" and the box with "Signature metadata" in it contains the list "signature creation time", "key expiration time", "key flags" and "issuer fingerprint". Within the signature metadata a box with a green dotted frame extends the list with an inlined signature packet with the title "Embedded Signature; Primary key binding". Its inner text reads "Signature over Primary Key, Signing Subkey". The signature metadata area of this embedded signature holds the list "signature creation time" and "issuer fingerprint". The cryptographic signature symbol overlaps both metadata and general section of the embedded signature. From the signing component key a green dotted arrow line points to the embedded signature in the subkey binding signature with the text "Signing key creates a primary binding signature to associate itself with the primary key" ("primary binding signature" in bold). At the top of the diagram, the primary component key points at the detailed signature packet with a dotted green arrow line and the text "Primary key creates a subkey binding signature to bind the subkey to the primary key".
|
||||||
|
|
||||||
Linking an OpenPGP signing subkey to the primary key with a binding signature, and an embedded primary key binding signature
|
Linking an OpenPGP signing subkey to the primary key with a binding signature, and an embedded primary key binding signature
|
||||||
```
|
```
|
||||||
|
@ -149,6 +153,8 @@ Alice can link a User ID to her OpenPGP certificate with a cryptographic signatu
|
||||||
The resulting certifying self-signature packet is stored as part of the certificate, directly following the User ID packet.
|
The resulting certifying self-signature packet is stored as part of the certificate, directly following the User ID packet.
|
||||||
|
|
||||||
```{figure} diag/user_id_certification.png
|
```{figure} diag/user_id_certification.png
|
||||||
|
:name: fig-user-id-certification
|
||||||
|
:alt: Depicts a diagram on white background with the title "User ID binding signature". At the top left the symbol of a primary component key with certification capability is shown. At the bottom left the symbol of a User ID reads "Alice Adams <alice@example.org>". The primary component key points at the User ID with a full green arrow line. In the middle of the connection the small symbol of a signature packet is shown. On the right side of the diagram a detailed version of the signature packet can be found in a box with the title "User ID binding signature". The text reads "Signature over Primary key, User ID" and the box with "Signature metadata" in it contains the list "signature creation time", "key expiration time", "primary User ID flag", "algorithm preferences", "key expiration time (primary key)" and "key flags (primary key)". At the top of the diagram, the primary component key points at the detailed signature packet with a dotted green arrow line and the text "Primary key creates a User ID binding signature to associate the User ID with the primary key".
|
||||||
|
|
||||||
Linking a User ID to an OpenPGP certificate
|
Linking a User ID to an OpenPGP certificate
|
||||||
```
|
```
|
||||||
|
|
|
@ -48,6 +48,8 @@ alice.pub-9--Signature
|
||||||
|
|
||||||
|
|
||||||
```{figure} diag/certificate_packet_list.png
|
```{figure} diag/certificate_packet_list.png
|
||||||
|
:name: fig-certificate-packet-list
|
||||||
|
:alt: Depicts a box with white background and the title "Certificate packet list". Inside, a list of several boxes on white background and varying frame colors represent a list of OpenPGP packets from top to bottom. The first box, with green frame, represents the "Public-Key packet", and includes the green public key symbol. The second box, with yellow frame, represents a "Signature packet" ("Direct Key Signature") and includes the green cryptographic signature symbol. The third box, with black frame, represents a "User ID packet", and includes the black User ID symbol. The fourth box, with yellow frame, represents a "Signature packet" ("Certifying self-signature for User ID"), and includes the green cryptographic signature symbol. The fifth box, with green frame, represents a "Public-Subkey packet" and includes the green public key symbol. The sixth box, with yellow frame, represents a "Signature packet" ("Subkey binding signature") and includes the green cryptographic signature symbol. The seventh box, with green frame, represents a "Public-Subkey packet" and includes the green public key symbol. The eighth box, with yellow frame, represents a "Signature packet" ("Subkey binding signature") and includes the green cryptographic signature symbol. The ninth box, with green frame, represents a "Public-Subkey packet" and includes the green public key symbol. The tenth box, with yellow frame, represents a "Signature packet" ("Subkey binding signature") and includes the green cryptographic signature symbol.
Overview of the packets in Alice's OpenPGP certificate
Overview of the packets in Alice's OpenPGP certificate
```
```
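Review bot: the `:alt:` text for `diag/certificate_packet_list.png` spells out all ten packets with their frame colour and icon, which is a great deal to sit through on a screen reader before the caption arrives, and the colours carry no information for that reader. The packet sequence is already listed in the page's text dump (the hunk header shows its tail, `alice.pub-9--Signature`), so the alt can describe the shape instead, e.g. "A vertical list of ten packets: a Public-Key packet, a Direct Key Signature, a User ID packet with its certifying self-signature, then three Public-Subkey packets, each followed by a Subkey binding signature", and leave the green/yellow/black framing out.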
@ -76,6 +78,8 @@ This version of Alice's certificate contains just two packets:
This is the shape of the packets we'll explore in the subsequent sections:
This is the shape of the packets we'll explore in the subsequent sections:
```{figure} diag/pubcert-minimal.png
```{figure} diag/pubcert-minimal.png
:name: fig-public-certificate-minimal
:alt: TODO
:width: 40%
:width: 40%
A minimal OpenPGP certificate, visualized
A minimal OpenPGP certificate, visualized
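Review bot: `:alt: TODO` commits the literal word "TODO" as the image's alt attribute, so assistive technology will announce "TODO" for the minimal certificate figure, which contradicts the PR title's claim of alt text for all figures. Either write the description now, in the same style as the other figures in this PR, covering the two packets the context line above ("This version of Alice's certificate contains just two packets:") says this version holds, or leave the `:alt:` option out of this hunk until the text exists; a placeholder is worse for readers than no alt, since Sphinx would otherwise emit the caption or nothing rather than a bogus word.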
@ -171,6 +175,8 @@ The packet type ID ("6") defines the semantics of the following data within the
Note that the *Public-Key packet* contains only the public part of the key.
Note that the *Public-Key packet* contains only the public part of the key.
```{figure} diag/public-key_packet.png
```{figure} diag/public-key_packet.png
:name: fig-public-key-packet
:alt: Depicts a box with white background and title "Public-Key packet". In the center a box with white background and green frame is shown. Inside it several items are listed, separated by green dotted horizontal lines. The first three are "Version", "Creation Time", "Public-Key Algorithm" written in black. The last one is written in green and reads "Public Key Material" and has the green public key symbol at its right side.
Structure of a Public-Key packet.
Structure of a Public-Key packet.
```
```
@ -361,6 +367,8 @@ The hash digest is calculated from the following data (see [Computing Signatures
The signature is calculated from this hash digest.
The signature is calculated from this hash digest.
```{figure} diag/direct_key_signature_packet.png
```{figure} diag/direct_key_signature_packet.png
:name: fig-direct-key-signature-packet
:alt: Depicts a box with white background, title "Signature packet" and subtitle "Direct Key Signature (type ID 0x1F)". In the center a box with white background and yellow frame is shown. Inside it several items are listed, separated by yellow dotted horizontal lines. The first three are "Version", "Public-Key Algorithm" and "Hash Algorithm". The fourth item is called "Hashed area" and confines further sub-items by a light-yellow frame on the top and left side. The sub-items are "Signature Creation Time", "Key Expiration Time", "Preferred Symmetric Ciphers for v1 SEIPD", "Preferred Hash Algorithms", "Key Flags", "Features" and "Issuer Fingerprint". The fifth item is named "Unhashed area" and again introduces an area for sub-items, this time using a light-gray border on the top and left side. The unhashed area has no sub-items though. The last item is called "Cryptographic Signature", with the subtitle "by the primary key over primary key, subkey and signature metadata" and includes the green cryptographic signature symbol on the right side.
Structure of a direct key signature packet.
Structure of a direct key signature packet.
```
```
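Review bot: the last item of this alt text describes the signature as "by the primary key over primary key, subkey and signature metadata", but the figure's own subtitle in the same alt text says this is a Direct Key Signature (type ID 0x1F), which is computed over the primary key and the hashed signature metadata only; no subkey is part of that hash, and the context line above ("The signature is calculated from this hash digest.") refers to exactly that input. If the word "subkey" is painted into `diag/direct_key_signature_packet.png`, the diagram needs the same fix; if it crept in from the subkey binding signature figure's description, change the alt to "by the primary key over the primary key and signature metadata".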
@ -23,6 +23,8 @@ The output starts with the (primary) [Secret-Key packet](https://www.ietf.org/ar
This is the structure of the Secret-Key packet we will now look at.
This is the structure of the Secret-Key packet we will now look at.
```{figure} diag/secret-key_packet.png
```{figure} diag/secret-key_packet.png
:name: fig-secret-key-packet
:alt: Depicts a box with white background and title "Secret-Key packet". In the center a box with white background and red frame is shown. Inside it several items are listed, separated by red dotted horizontal lines. The first three are "Version", "Creation Time", "Public-Key Algorithm" written in black. The fourth one is written in green and reads "Public Key Material" and has the green public key symbol at its right side. The fifth one is again written in black and reads "S2K Usage (Secret Key Encryption)". The sixth item reads "Secret Key Material", written in red and has the red private key symbol at its right side.
Structure of a Secret-Key packet.
Structure of a Secret-Key packet.
```
```
@ -46,3 +46,8 @@ html_theme_options = {
# we want to circumvent obscure warnings about footnotes following a heading:
# we want to circumvent obscure warnings about footnotes following a heading:
# https://github.com/executablebooks/MyST-Parser/issues/352
# https://github.com/executablebooks/MyST-Parser/issues/352
myst_footnote_transition = False
myst_footnote_transition = False
# number code-blocks, figures and tables, if they have a caption
numfig = True
# number figures in flat hierarchy
numfig_secnum_depth = 0
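Review bot: `numfig = True` with no `numfig_format` means every captioned figure is now rendered with Sphinx's default "Fig. %s" prefix, and the comment above these lines does not say so; if the notes prefer "Figure 3" over "Fig. 3", set `numfig_format = {'figure': 'Figure %s'}` alongside `numfig_secnum_depth = 0`, and mention in the comment that the `:name:` targets added in this PR can now be referenced with `{numref}` (which only resolves when `numfig` is on). Also note for future figure additions that numbering is keyed on the caption: a figure without one silently gets no number and cannot be `{numref}`-ed, so the convention established here (every figure carries `:name:`, `:alt:` and a caption) should be called out in the comment.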