From 552e32f9f0c2abb8bc0c91da39960e75147a3945 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Thu, 30 Nov 2023 23:27:00 +0100 Subject: [PATCH] Software keys are very commonly used, so claiming "typically" a hardware device is used is saying too much. However, if a hardware device is used, the delineation of what the hardware device does and doesn't do heavily impacts the architecture. --- book/source/05-private.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/source/05-private.md b/book/source/05-private.md index f4a97b7..5efe62e 100644 --- a/book/source/05-private.md +++ b/book/source/05-private.md @@ -168,7 +168,7 @@ When implementing a keystore based on hardware cryptographic devices like [OpenP - **supplementary layer**: performs additional cryptographic operations that don't directly use the private key material, such as [AES key wrap](https://www.rfc-editor.org/rfc/rfc3394.html) for ECDH. ```{note} - The decryption process using ECC algorithms, especially ECDH, has multiple steps. The initial step, typically performed by devices such as OpenPGP cards, directly uses private key material to produce a "shared secret." Following this, operations like ["AES key unwrap"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-ec-dh-algorithm-ecdh) are conducted in software outside the hardware device. + The decryption process using ECC algorithms, especially ECDH, has multiple steps. The initial step, potentially performed by devices such as OpenPGP cards, directly uses private key material to produce a "shared secret." Following this, operations like ["AES key unwrap"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-ec-dh-algorithm-ecdh) are conducted in software outside the hardware device. Further details on this process can be found in the "Advanced Encryption Standard (AES) Key Wrap Algorithm" [RFC 3394](https://www.rfc-editor.org/rfc/rfc3394.html). ```
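Review bot: "potentially performed by devices such as OpenPGP cards" is vaguer than the commit message's own rationale, which is the clearer statement: the first ECDH step runs on the hardware device when one is used and in software otherwise. Consider wording the changed line to say that directly, e.g. "The initial step, which a hardware device such as an OpenPGP card performs when one is used, directly uses private key material to produce a "shared secret."", and note that the following sentence ("are conducted in software outside the hardware device") still presumes a hardware device even though this commit exists to cover software keys; "in the supplementary layer" or "in software, outside the hardware device when one is used" would keep the note consistent with the layer terminology the surrounding context defines.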