openpgp-notes/book/source/05-private.md
Heiko Schaefer a1fe545e88
ch4: add a note that the example key isn't password protected
Add link to ch5 for discussion of encrypted private key material.
2023-10-12 14:11:02 +02:00

37 lines
1,000 B
Markdown

(private_key_chapter)=
# Private keys
```{admonition} TODO
:class: warning
- Consistently consider private key material as a separate thing from Certificates? (like in pkcs#11?)
```
## Transferable secret keys
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-transferable-secret-keys
(encrypted_secrets)=
## Password protecting secret key material
```{admonition} TODO
:class: warning
S2K, symmetric encryption
```
## Private key operations
The core of private key operations doesn't require access to the whole certificate. A private key subsystem only needs to handle the cryptographic key material.
### OpenPGP card for private keys
[OpenPGP card](https://en.wikipedia.org/wiki/OpenPGP_card) devices are a type of hardware security device. They are one popular way to handle OpenPGP private key material. These devices do not store the full OpenPGP certificate.
## Advanced topics
### TSKs: Best practices S2K + S2K migration?
### The KOpenPGP attack