vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-10 11:49:40 +02:00
Code Issues Projects Releases Packages Wiki Activity

improve headers

Browse source
This commit is contained in:
Tammi L. Coles 2023-11-30 19:06:46 +01:00
parent 58f14b495d
commit 1dc1a81474
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
book/source/05-private.md
View file

@ -56,13 +56,13 @@ Transferable secret keys are sometimes colloquially referred to as "OpenPGP priv
Historically, the concept of TSKs, which combine all components of an OpenPGP certificate with the associated private key material, has sometimes been conflated with OpenPGP private key operations. However, it is more accurate to view TSKs as a specialized format for storage and transport, rather than as a data structure for use in a keystore. For further details, see {ref}`key-store-design`. Historically, the concept of TSKs, which combine all components of an OpenPGP certificate with the associated private key material, has sometimes been conflated with OpenPGP private key operations. However, it is more accurate to view TSKs as a specialized format for storage and transport, rather than as a data structure for use in a keystore. For further details, see {ref}`key-store-design`.
(encrypted_secrets)= (encrypted_secrets)=
## Protection of private key material in OpenPGP ## Protecting keys with passphrases
In the OpenPGP format, private key material can be optionally protected with a [passphrase](https://en.wikipedia.org/wiki/Passphrase). In the OpenPGP format, private key material can be optionally protected with a [passphrase](https://en.wikipedia.org/wiki/Passphrase).
This method proves effective in scenarios where an unauthorized party obtains the OpenPGP key data but does not know the passphrase. Such a safeguard renders the key unusable to the attacker, effectively protecting it against unauthorized access or use. This method proves effective in scenarios where an unauthorized party obtains the OpenPGP key data but does not know the passphrase. Such a safeguard renders the key unusable to the attacker, effectively protecting it against unauthorized access or use.
### Transforming a passphrase into a symmetric key ### Transforming passphrases into symmetric keys
When protecting private key material in OpenPGP, a symmetric key is derived from the user's passphrase. This derived key is then used to protect the OpenPGP private key data. When protecting private key material in OpenPGP, a symmetric key is derived from the user's passphrase. This derived key is then used to protect the OpenPGP private key data.
@ -88,7 +88,7 @@ A third mechanism is conditionally allowed for key generation. Decryption of pri
The RFC uses the terms "String-to-Key (S2K) specifier" or "String-to-Key (S2K) specifier type" for mechanisms used to *generate* a symmetric key from a passphrase. The RFC uses the terms "String-to-Key (S2K) specifier" or "String-to-Key (S2K) specifier type" for mechanisms used to *generate* a symmetric key from a passphrase.
### Using the symmetric key for encryption ### Using symmetric keys for encryption
The generation of a symmetric key from a passphrase leads to its subsequent use in encrypting or decrypting OpenPGP private key material. The generation of a symmetric key from a passphrase leads to its subsequent use in encrypting or decrypting OpenPGP private key material.
@ -96,7 +96,7 @@ The RFC uses the term "String-to-Key Usage (S2K usage)" for the mechanism used t
Different mechanisms are specified [for encryption of OpenPGP private key material](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-secret-key-encryption). Different mechanisms are specified [for encryption of OpenPGP private key material](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-secret-key-encryption).
### Passphrase-protection acts per-component key ### Component-based passphrase protection
The OpenPGP mechanism for protecting private key material applies individually to each component key: The OpenPGP mechanism for protecting private key material applies individually to each component key: