(private_key_chapter)= # Private keys ``` - Consistently consider private key material as a separate thing from Certificates? (like in pkcs#11?) ``` ## Transferable secret keys https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-secret-keys ## Private key operations The core of private key operations doesn't require access to the whole certificate. A private key subsystem only needs to handle the cryptographic key material. ### OpenPGP card for private keys [OpenPGP card](https://en.wikipedia.org/wiki/OpenPGP_card) devices are a type of hardware security device. They are one popular way to handle OpenPGP private key material. These devices do not store the full OpenPGP certificate. ## Advanced topics ### TSKs: Best practices S2K + S2K migration? ### The KOpenPGP attack