mirror of
https://codeberg.org/openpgp/notes.git
synced 2025-09-09 11:19:41 +02:00
Replace use of PNGs with converted SVGs (where available)
Signed-off-by: David Runge <dave@sleepmap.de>
parent
7e11d786c2
commit
5ae3e82c18
7 changed files with 25 additions and 25 deletions
|
@ -41,7 +41,7 @@ For detailed information on KDFs and their role in the OpenPGP protocol, see the
|
|||
|
||||
Participants in symmetric-key operations need to exchange the shared secret over a secure channel.
|
||||
|
||||
```{figure} diag/symmetric_key.png
|
||||
```{figure} diag_converted/symmetric_key.svg
|
||||
:name: fig-symmetric-key
|
||||
:alt: Depicts a box with a white background and the title "Symmetric key". In the box a single key symbol, rendered with full yellow line, is shown pointing to the right hand side.
|
||||
|
||||
|
@ -94,7 +94,7 @@ Unlike symmetric cryptography, participants are not required to pre-arrange a sh
|
|||
|
||||
Throughout this document, we will frequently reference asymmetric cryptographic key pairs:
|
||||
|
||||
```{figure} diag/asymmetric_keypair.png
|
||||
```{figure} diag_converted/asymmetric_keypair.svg
|
||||
:name: fig-asymmetric-keypair
|
||||
:alt: Depicts a box with white background and the title "Asymmetric keypair". In the box two key symbols with text next to them are shown. The top key symbol is rendered using full green lines, points to the right hand side and has the accompanying text "Public key". The lower key symbol is rendered using dotted red lines, points to the left hand side and has the accompanying text "Private key".
|
||||
|
||||
|
@ -105,7 +105,7 @@ Each key pair comprises two parts: the {term}`public key<OpenPGP Certificate>` a
|
|||
|
||||
It's important to note that in many scenarios, only the {term}`public key<OpenPGP Certificate>` is exposed or used. These situations will be elaborated upon in subsequent sections of this document.
|
||||
|
||||
```{figure} diag/public_key.png
|
||||
```{figure} diag_converted/public_key.svg
|
||||
:name: fig-public-key
|
||||
:alt: Depicts a box with white background and the title "Public part of an asymmetric keypair". In the box one key symbol with text next to it is shown. The key symbol is rendered using full green lines, points to the right hand side and has the accompanying text "Public key".
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ An {term}`OpenPGP certificate` (or "{term}`OpenPGP key`") is a collection of an
|
|||
|
||||
This documentation collectively refers to {term}`component keys<OpenPGP Component Key>` and {term}`identity components<Identity Component>` as "the {term}`components<Component>` of a {term}`certificate<OpenPGP Certificate>`."
|
||||
|
||||
```{figure} diag/Components_of_an_OpenPGP_Certificate.svg
|
||||
```{figure} diag_converted/Components_of_an_OpenPGP_Certificate.svg
|
||||
:name: fig-openpgp-certificate-components
|
||||
:alt: Depicts a box with white background and the title "OpenPGP certificate". In the box several other boxes and accompanying texts, representing component keys and User IDs, are shown. There are three component keys boxes with a green frame, each with a dotted lower-left section, that shows the text "key creation time" and the green public key symbol in the lower right area. All three have a title, a unique fingerprint below the box and a unique capability keyword, perpendicular to the box on the right side. The top-most component key box has a light-green background, with the title "Component Key (primary)" and capability keyword "certification". The second-to-top component key box has a white background, with the title "Component Key" and capability keyword "encryption". The lowest component key box has a white background, with the title "Component Key" and capability keyword "signing". There are two User ID boxes, each with a black frame, open to top left and lower right corner. Both boxes have a user icon on the top left side, the title "User ID" on the top right side and a User ID string at the bottom. The top box has "Alice Adams <alice@example.org>" and the lower box has "Alice" as User ID string.
|
||||
|
||||
|
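Review bot: The old path in this hunk, `diag/Components_of_an_OpenPGP_Certificate.svg`, is already an SVG, so switching it to `diag_converted/` is not covered by the commit subject "Replace use of PNGs with converted SVGs (where available)". Either keep figures that already have an SVG source pointing at `diag/`, or extend the commit message to say that existing SVGs are also redirected to their `diag_converted/` copies and why. The same point applies to the other hunks in this patch whose old path already ends in `.svg`, for example `diag/Fingerprint.svg` and `diag/TSK.svg`.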
@ -71,7 +71,7 @@ An {term}`OpenPGP certificate` usually contains multiple {term}`component keys<O
|
|||
|
||||
[^ecdh-parameters]: For [ECDH](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-algorithm-specific-part-for-ecd) {term}`component keys<OpenPGP Component Key>`, two additional algorithm parameters are integral to the {term}`component key<OpenPGP Component Key>`'s constitutive and immutable properties. Those parameters specify a hash function and a {term}`symmetric<Symmetric Cryptography>` encryption algorithm.
|
||||
|
||||
```{figure} diag/Component_Key.png
|
||||
```{figure} diag_converted/Component_Key.svg
|
||||
:name: fig-component-key
|
||||
:alt: Depicts a box with white background and no title. In the box one other box is shown. The inner box has a green frame, with a dotted lower-left section, that shows the text "key creation time" and the green public key symbol, as well as the red-dotted private key symbol in the lower right area. In the top left of the inner box the text reads "Component Key."
|
||||
|
||||
|
@ -85,7 +85,7 @@ An {term}`OpenPGP component key`
|
|||
|
||||
Each {term}`OpenPGP component key` possesses an *{term}`OpenPGP fingerprint`*. This {term}`fingerprint<OpenPGP Fingerprint>` is derived from the {term}`public key material<OpenPGP Certificate>`, the {term}`creation timestamp<Creation Time>`, and, when relevant, the ECDH parameters.
|
||||
|
||||
```{figure} diag/Fingerprint.svg
|
||||
```{figure} diag_converted/Fingerprint.svg
|
||||
:name: fig-fingerprint
|
||||
:alt: Depicts a box with white background and the title "Fingerprint of an OpenPGP component key." Inside, another box with a green frame, the title "Component Key", the text "key creation time" on the lower left and a the green public key symbol on the lower right is shown. Below the component key box a fingerprint in a box with a light-yellow background and a yellow dotted line is depicted. The word "Fingerprint" is shown left of the box with the fingerprint and both are connected with a yellow dotted line.
|
||||
|
||||
|
@ -125,7 +125,7 @@ Modern {term}`OpenPGP certificates<OpenPGP Certificate>` typically include sever
|
|||
|
||||
While {term}`subkeys<OpenPGP Subkey>` have the same structural attributes as the {term}`primary key<OpenPGP Primary Key>`, they fulfill different roles. {term}`Subkeys<OpenPGP Subkey>` are cryptographically linked with the {term}`primary key<OpenPGP Primary Key>`, a relationship further discussed in {numref}`binding_subkeys`.
|
||||
|
||||
```{figure} diag/Binding_Subkeys.png
|
||||
```{figure} diag_converted/Binding_Subkeys.svg
|
||||
:name: fig-subkeys
|
||||
:alt: Diagram depicting three component keys. The primary key is positioned at the top, designated for certification. Below it, connected by arrows, are two subkeys labeled as "for encryption" and "for signing," respectively.
|
||||
|
||||
|
@ -142,7 +142,7 @@ While {term}`subkeys<OpenPGP Subkey>` have the same structural attributes as the
|
|||
|
||||
{term}`OpenPGP certificates<OpenPGP Certificate>` can contain multiple [User IDs](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-user-id-packet-tag-13). Each {term}`User ID` associates the {term}`certificate<OpenPGP Certificate>` with an {term}`identity`.
|
||||
|
||||
```{figure} diag/Binding_a_UserID.png
|
||||
```{figure} diag_converted/Binding_a_UserID.svg
|
||||
:name: fig-user-ids
|
||||
:alt: Depicts a diagram with white background and the title "User IDs". Inside, a public primary component key for certification and a User ID is shown. A green arrow points from component key to User ID and is annotated with a signature.
|
||||
|
||||
|
@ -204,7 +204,7 @@ Key attributes, such as {term}`capabilities<Capability>` (like *signing* or *enc
|
|||
|
||||
It is crucial to note that the {term}`components<Component>` of an {term}`OpenPGP certificate` remain static after their creation. The use of {term}`signatures<OpenPGP Signature Packet>` to store {term}`metadata` allows for subsequent modifications without altering the original {term}`component<Component>`. For instance, a {term}`certificate holder` can update the {term}`expiration time` of a {term}`component` by issuing a new, superseding {term}`signature<OpenPGP Signature Packet>`.
|
||||
|
||||
```{figure} diag/Primary_key_metadata.png
|
||||
```{figure} diag_converted/Primary_key_metadata.svg
|
||||
:name: fig-primary-metadata
|
||||
:alt: Depicts a direct key signature, associated with a primary component key.
|
||||
|
||||
|
@ -261,7 +261,7 @@ Additionally, OpenPGP allows modeling {term}`User ID`-specific preferences. The
|
|||
|
||||
Following our review of how {term}`keys<Component Key>` and {term}`identity components<Identity Component>` are linked, let's reexamine the {term}`OpenPGP certificate` from {numref}`fig-openpgp-certificate-components`. Our focus now extends to all of its binding signatures and the {term}`direct key signature` that contains {term}`metadata` for the full {term}`certificate<OpenPGP certificate>`:
|
||||
|
||||
```{figure} diag/OpenPGP_Certificate.png
|
||||
```{figure} diag_converted/OpenPGP_Certificate.svg
|
||||
:name: fig-openpgp-certificate
|
||||
:alt: Depicts an OpenPGP certificate, including a set of components, binding signatures, and a direct key signature on the primary key.
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ This chapter is about the remaining counterpart to the elements of certificates:
|
|||
|
||||
In this book, we treat the private key material as logically separate from the OpenPGP certificate. A separate subsystem typically handles operations that use private key material. It is useful to think about OpenPGP certificates on one hand, and the associated private key material, on the other, as related but separate elements[^pkcs11]:
|
||||
|
||||
```{figure} diag/OpenPGPCert_with_privatekeystore.svg
|
||||
```{figure} diag_converted/OpenPGPCert_with_privatekeystore.svg
|
||||
:name: fig-openpgp-certificate-with-private-key-store
|
||||
:alt: Depicts a diagram on white background with an OpenPGP Certificate and a private key store. Gray dotted lines connect the green public key symbols of the OpenPGP Certificate with red dotted private key symbols in the private key store.
|
||||
|
||||
|
@ -33,7 +33,7 @@ However, there is one exception. The cryptographic private key material is somet
|
|||
|
||||
Sometimes it is useful to handle OpenPGP certificates combined with private key material in the form of [*transferable secret keys (TSK)*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-11.html#name-transferable-secret-keys). Transferable secret keys are a serialized format that combines OpenPGP certificate data with the connected private key material, stored in a single file.
|
||||
|
||||
```{figure} diag/TSK.svg
|
||||
```{figure} diag_converted/TSK.svg
|
||||
:name: fig-transferable-secret-key
|
||||
:alt: Depicts a box on white background with the title "Transferable secret key". It is identical to the figure depicting an OpenPGP certificate, with the exception, that in each component key box, below the green public key symbol, also the red dotted private key symbol is shown.
|
||||
|
||||
|
@ -65,7 +65,7 @@ When protecting private key material in OpenPGP, a symmetric key is derived from
|
|||
|
||||
For this purpose, the OpenPGP standard defines a family of mechanisms called [string-to-key (S2K)](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-11.html#name-string-to-key-s2k-specifier). These are used to derive (high-entropy) symmetric encryption keys from (lower-entropy) passphrases, using a [key derivation function (KDF)](https://en.wikipedia.org/wiki/Key_derivation_function).
|
||||
|
||||
```{figure} diag/passphrase_using_S2K.png
|
||||
```{figure} diag_converted/passphrase_using_S2K.svg
|
||||
:name: fig-passphrase-using-s2k
|
||||
:alt: Depicts a diagram on white background with the title "Converting a passphrase into a symmetric key". On the left hand side a box with dotted yellow frame and light yellow background and the text "correct horse battery staple" is shown. It is connected by a dotted yellow line with the word "Passphrase". Right of the passphrase an arrow with green dotted frame, light green background and the text "S2K mechanism (string-to-key)", pointing to the right is shown. On the right hand side the yellow symmetric key symbol is shown.
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ Within OpenPGP, the term *{term}`signature<OpenPGP Signature Packet>`* can have
|
|||
- **{term}`Cryptographic signature`**: a sequence of bytes created by {term}`cryptographic keys<Cryptographic Key>`, calculated according to a {term}`signature` scheme.
|
||||
- **{term}`OpenPGP signature packets<OpenPGP signature packet>`**: Defined in the [OpenPGP standard](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-signature-packet-type-id-2), these {term}`packets<Packet>` combine a raw {term}`cryptographic signature` along with a *{term}`type<OpenPGP Signature Type>`* designation and additional {term}`metadata`.
|
||||
|
||||
```{figure} diag/meaning_of_signatures.png
|
||||
```{figure} diag_converted/meaning_of_signatures.svg
|
||||
:name: fig-meaning-of-signatures
|
||||
:alt: Depicts a box on white background with the title "Meanings of signature in OpenPGP", "signature" in italics. The top half of the box shows a green seal symbol with the word "sig" in it on the left side. The symbol is connected to the text "Cryptographic signature" by a black dotted line. The bottom half of the box shows a diagram. On the left hand side a box with green dotted frame and white background provides the title "Signature type", while inside the box the text reads "Signature over Signature data, Signature metadata". The words "Signature metadata" serve as title for a yellow box at the lower half of the signature type box. The yellow box also contains a cryptographic signature symbol. Right of the signature type box, the text "OpenPGP signature packet" is shown, which is connected to the box by a green dotted line. Below the text a list is shown, which reads "signature type, signature over input data, additional metadata and cryptographic signature". The last item is connected to the cryptographic signature symbol in the yellow box by a black dotted line.
|
||||
|
||||
|
@ -84,7 +84,7 @@ The {term}`signature packet<OpenPGP Signature Packet>` consists of two parts:
|
|||
- A {term}`hash digest` is calculated from the input data.
|
||||
- The {term}`cryptographic signature` is then calculated for this {term}`hash digest`.
|
||||
|
||||
```{figure} diag/Signature_Creation.png
|
||||
```{figure} diag_converted/Signature_Creation.svg
|
||||
:name: fig-signature-creation
|
||||
:alt: Depicts a complex diagram with white background and the title "Signature creation". On the top left side a box with black frame and white background reads "Input Data packets, One or more packets". Below it the symbol of a signature packet is shown (however, instead of the green signature symbol, only a circle with white background and dotted frame is shown). Both are connected (via green dotted arrows) to a green, right pointing arrow symbol with green dotted frame and the title "Hash mechanism". Text above the green arrow symbol reads "A hash digest is calculated from the input data packets and the signature metadata". The "Hash mechanism" arrow points at a box with white background and green frame, which reads "hash digest". At the top right corner of the diagram the symbol for a component key with both public and private key and the title "Signer private key" is shown. Both hash digest and component key symbol point to a large green arrow symbol, with green dotted frame, at the lower right corner of the diagram, using green dotted arrow lines. The large arrow symbol has the title "Signing mechanism" and text overlaid across it reads "A cryptographic signature is calculated over the hash digest, using the private key material of the signer.". It points at a cryptographic signature symbol at the bottom of the diagram. The cryptographic signature symbol is connected (via a green dotted arrow line) to the circle with white background and dotted green frame in the signature packet symbol.
|
||||
|
||||
|
@ -102,7 +102,7 @@ The main differences:
|
|||
- **Use of {term}`signature verification` mechanism**:
|
||||
After calculating the {term}`hash digest` from the input data, a {term}`signature verification` mechanism is employed. This mechanism uses the {term}`hash digest`, the {term}`cryptographic signature` from the {term}`signature packet<OpenPGP Signature Packet>`, and the {term}`public key<OpenPGP Certificate>` of the {term}`signer`. Its purpose is to ascertain the cryptographic {term}`validity<Validation>` of the {term}`signature<OpenPGP Signature Packet>`.
|
||||
|
||||
```{figure} diag/Signature_Verification.png
|
||||
```{figure} diag_converted/Signature_Verification.svg
|
||||
:name: fig-signature-verification
|
||||
:alt: Depicts a complex diagram with white background and the title "Signature verification". On the top left side a box with black frame and white background reads "Input Data packets, One or more packets". Below it the symbol of a signature packet is shown. Both are connected (via green dotted arrows) to a green, right pointing arrow symbol with green dotted frame and the title "Hash mechanism". Text above the green arrow symbol reads "A hash digest is calculated from the input data packates and the signature metadata". The "Hash mechanism" arrow points at a box with white background and green frame, which reads "hash digest". At the top right corner of the diagram the symbol for a component key with only public key and the title "Signer public key" is shown. Hash digest, component key symbol and the cryptographic signature symbol in the signature packet point to a large green arrow symbol, with green dotted frame, at the lower right corner of the diagram, using green dotted arrow lines. The large arrow symbol has the title "Signature verification mechanism" and text overlaid across it reads "A cryptographic signature is verified against the hash digest, using the public key of the signer.". It points at a success and fail symbol at the bottom of the diagram.
|
||||
|
||||
|
|
|
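Review bot: The `:alt:` context line under the changed `Signature_Verification` figure directive contains the typo "packates" ("calculated from the input data packates and the signature metadata"), while the matching alt text for `Signature_Creation` spells it "packets". The line is untouched by this change, but since the figure is being revisited it is worth correcting here or in a follow-up commit, and checking whether the text inside the converted SVG carries the same misspelling.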
@ -92,7 +92,7 @@ A subkey binding signature binds a subkey to a primary key, and it embeds metada
|
|||
|
||||
Subkeys designated for signing purposes, identified by the *signing* [key flag](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-flags), represent a unique category and are handled differently. See {numref}`bind_subkey_sign`.
|
||||
|
||||
```{figure} diag/subkey_binding_signature.png
|
||||
```{figure} diag_converted/subkey_binding_signature.svg
|
||||
:name: fig-subkey-binding-signature
|
||||
:alt: Depicts a diagram on white background with the title "Subkey binding signature". At the top left the symbol of a primary component key with certification capability is shown. At the bottom left the symbol of a component key with encryption capability is shown. The primary component key points at the lower component key with a full green arrow line. In the middle of the connection the small symbol of a signature packet is shown. On the right side of the diagram a detailed version of the signature packet can be found in a box with the title "Subkey binding signature". The text reads "Signature over Primary key, Subkey" and the box with "Signature metadata" contains the list "signature creation time", "key expiration time", "key flags" and "issuer fingerprint". The primary component key points at the detailed signature packet with a dotted green arrow line and the text "Primary key creates a subkey binding signature to bind the subkey to the primary key".
|
||||
|
||||
|
@ -121,7 +121,7 @@ To prevent such scenarios, where an attacker might wrongfully "adopt" a victim's
|
|||
- the [subkey binding signature](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-subkey-binding) (type ID `0x18`), which is issued by the certificate's primary key
|
||||
- the [primary key binding signature](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#sigtype-primary-binding) (type ID `0x19`), created by the subkey itself. This is informally known as an embedded "back signature," because the subkey's signature points back to the primary key.
|
||||
|
||||
```{figure} diag/subkey_binding_signatur_for_signing_sk.png
|
||||
```{figure} diag_converted/subkey_binding_signatur_for_signing_sk.svg
|
||||
:name: fig-subkey-binding-signature-for-signing-subkeys
|
||||
:alt: Depicts a diagram on white background with the title "Subkey binding signature for signing subkeys". At the top left the symbol of a primary component key with certification capability is shown. At the bottom left the symbol of a component key with signing capability is shown. The primary component key points at the lower component key with a full green arrow line. In the middle of the connection the small symbol of a signature packet is shown. On the right side of the diagram a detailed version of the signature packet can be found in a box with the title "Subkey binding signature". The text reads "Signature over Primary key, Subkey" and the box with "Signature metadata" in it contains the list "signature creation time", "key expiration time", "key flags" and "issuer fingerprint". Within the signature metadata a box with a green dotted frame extends the list with an inlined signature packet with the title "Embedded Signature; Primary key binding". Its inner text reads "Signature over Primary Key, Signing Subkey". The signature metadata area of this embedded signature holds the list "signature creation time" and "issuer fingerprint". The cryptographic signature symbol overlaps both metadata and general section of the embedded signature. From the signing component key a green dotted arrow line points to the embedded signature in the subkey binding signature with the text "Signing key creates a primary binding signature to associate itself with the primary key" ("primary binding signature" in bold). At the top of the diagram, the primary component key points at the detailed signature packet with a dotted green arrow line and the text "Primary key creates a subkey binding signature to bind the subkey to the primary key".
|
||||
|
||||
|
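Review bot: The new path `diag_converted/subkey_binding_signatur_for_signing_sk.svg` carries over the misspelling "signatur" from the old PNG file name. Since the file is newly added under `diag_converted/`, this is a cheap point to name it `subkey_binding_signature_for_signing_sk.svg` and reference that name in the figure directive, so the typo does not propagate into the converted asset set.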
@ -141,7 +141,7 @@ There are four types of *certifying self-signature*. The most commonly used type
|
|||
|
||||
The certifying self-signature packet – calculated over the primary key, User ID, and metadata of the signature packet – is added to the certificate, directly following the User ID packet.
|
||||
|
||||
```{figure} diag/user_id_certification.png
|
||||
```{figure} diag_converted/user_id_certification.svg
|
||||
:name: fig-user-id-certification
|
||||
:alt: Depicts a diagram on white background with the title "User ID binding signature". At the top left the symbol of a primary component key with certification capability is shown. At the bottom left the symbol of a User ID reads "Alice Adams <alice@example.org>". The primary component key points at the User ID with a full green arrow line. In the middle of the connection the small symbol of a signature packet is shown. On the right side of the diagram a detailed version of the signature packet can be found in a box with the title "User ID binding signature". The text reads "Signature over Primary key, User ID" and the box with "Signature metadata" in it contains the list "signature creation time", "key expiration time", "primary User ID flag", "algorithm preferences", "key expiration time (primary key)" and "key flags (primary key)". At the top of the diagram, the primary component key points at the detailed signature packet with a dotted green arrow line and the text "Primary key creates a User ID binding signature to associate the User ID with the primary key".
|
||||
|
||||
|
@ -453,4 +453,4 @@ In OpenPGP signatures, both the hashed and unhashed areas are composed of lists
|
|||
|
||||
- **Handling conflicts within the same area**: Conflicts can still arise within the same area, such as when two subpackets have different expiration dates. In such cases, the [OpenPGP specification](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-notes-on-subpackets) advises that implementations should favor the last occurrence of a conflicting subpacket in the hashed area.
|
||||
|
||||
In certain scenarios, having duplicate subpackets with conflicting content is logical and even necessary. For example, consider a signature created by a version 4 issuer key, which was upgraded from an older OpenPGP version (like v3). Since the key ID calculation scheme changed from v3 to v4, the identifiers for the same key would differ between these versions. Therefore, a v4 signature might contain two issuer key ID subpackets, each with different, yet correct values for v3 and v4 keys, respectively. This allows for backward compatibility and ensures the signature can be validated under both key ID calculation schemes.
|
||||
In certain scenarios, having duplicate subpackets with conflicting content is logical and even necessary. For example, consider a signature created by a version 4 issuer key, which was upgraded from an older OpenPGP version (like v3). Since the key ID calculation scheme changed from v3 to v4, the identifiers for the same key would differ between these versions. Therefore, a v4 signature might contain two issuer key ID subpackets, each with different, yet correct values for v3 and v4 keys, respectively. This allows for backward compatibility and ensures the signature can be validated under both key ID calculation schemes.
|
||||
|
|
|
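Review bot: The removed and added versions of the paragraph starting "In certain scenarios, having duplicate subpackets with conflicting content is logical and even necessary." are textually identical as shown, and the hunk touches no figure directive. This looks like a whitespace or end-of-file newline change that is unrelated to the PNG to SVG replacement. Please either drop it from this commit or move it into a separate commit with its own message so the image change stays easy to review and revert.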
@ -47,7 +47,7 @@ alice.pub-9--Signature
|
|||
```
|
||||
|
||||
|
||||
```{figure} diag/certificate_packet_list.png
|
||||
```{figure} diag_converted/certificate_packet_list.svg
|
||||
:name: fig-certificate-packet-list
|
||||
:alt: Depicts a box with white background and the title "Certificate packet list". Inside, a list of several boxes on white background and varying frame colors represent a list of OpenPGP packets from top to bottom. The first box, with green frame, represents the "Public-Key packet", and includes the green public key symbol. The second box, with yellow frame, represents a "Signature packet" ("Direct Key Signature") and includes the green cryptographic signature symbol. The third box, with black frame, represents a "User ID packet", and includes the black User ID symbol. The fourth box, with yellow frame, represents a "Signature packet" ("Certifying self-signature for User ID"), and includes the green cryptographic signature symbol. The fifth box, with green frame, represents a "Public-Subkey packet" and includes the green public key symbol. The sixth box, with yellow frame, represents a "Signature packet" ("Subkey binding signature") and includes the green cryptographic signature symbol. The seventh box, with green frame, represents a "Public-Subkey packet" and includes the green public key symbol. The eighth box, with yellow frame, represents a "Signature packet" ("Subkey binding signature") and includes the green cryptographic signature symbol. The ninth box, with green frame, represents a "Public-Subkey packet" and includes the green public key symbol. The tenth box, with yellow frame, represents a "Signature packet" ("Subkey binding signature") and includes the green cryptographic signature symbol.
|
||||
|
||||
|
@ -77,7 +77,7 @@ This version of Alice's certificate contains just two packets:
|
|||
|
||||
This is the shape of the packets we'll explore in the subsequent sections:
|
||||
|
||||
```{figure} diag/Minimal_OpenPGP_certificate.svg
|
||||
```{figure} diag_converted/Minimal_OpenPGP_certificate.svg
|
||||
:name: fig-public-certificate-minimal
|
||||
:alt: TODO
|
||||
|
||||
|
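Review bot: The figure whose path is changed to `diag_converted/Minimal_OpenPGP_certificate.svg` still has the placeholder `:alt: TODO` on the context line below it, unlike every other figure touched in this patch. Please add a real description for the minimal certificate figure, here or in a tracked follow-up, so it is not shipped without usable alt text.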
@ -173,7 +173,7 @@ The packet type ID ("6") defines the semantics of the following data within the
|
|||
|
||||
Note that the *Public-Key packet* contains only the public part of the key.
|
||||
|
||||
```{figure} diag/public-key_packet.png
|
||||
```{figure} diag_converted/public-key_packet.svg
|
||||
:name: fig-public-key-packet
|
||||
:alt: Depicts a box with white background and title "Public-Key packet". In the center a box with white background and green frame is shown. Inside it several items are listed, separated by green dotted horizontal lines. The first three are "Version", "Creation Time", "Public-Key Algorithm" written in black. The last one is written in green and reads "Public Key Material" and has the green public key symbol at its right side.
|
||||
|
||||
|
@ -365,7 +365,7 @@ The hash digest is calculated from the following data (see [Computing Signatures
|
|||
|
||||
The signature is calculated from this hash digest.
|
||||
|
||||
```{figure} diag/direct_key_signature_packet.svg
|
||||
```{figure} diag_converted/direct_key_signature_packet.svg
|
||||
:name: fig-direct-key-signature-packet
|
||||
:alt: Depicts a box with white background, title "Signature packet" and subtitle "Direct Key Signature (type ID 0x1F)". In the center a box with white background and yellow frame is shown. Inside it several items are listed, separated by yellow dotted horizontal lines. The first three are "Version", "Public-Key Algorithm" and "Hash Algorithm". The fourth item is called "Hashed area" and confines further sub-items by a light-yellow frame on the top and left side. The sub-items are "Signature Creation Time", "Key Expiration Time", "Preferred Symmetric Ciphers for v1 SEIPD", "Preferred Hash Algorithms", "Key Flags", "Features" and "Issuer Fingerprint". The fifth item is named "Unhashed area" and again introduces an area for sub-items, this time using a light-gray border on the top and left side. The unhashed area has no sub-items though. The last item is called "Cryptographic Signature", with the subtitle "by the primary key over primary key, subkey and signature metadata" and includes the green cryptographic signature symbol on the right side.
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ The output starts with the (primary) [Secret-Key packet](https://www.ietf.org/ar
|
|||
|
||||
This is the structure of the Secret-Key packet we will now look at.
|
||||
|
||||
```{figure} diag/secret-key_packet.png
|
||||
```{figure} diag_converted/secret-key_packet.svg
|
||||
:name: fig-secret-key-packet
|
||||
:alt: Depicts a box with white background and title "Secret-Key packet". In the center a box with white background and red frame is shown. Inside it several items are listed, separated by red dotted horizontal lines. The first three are "Version", "Creation Time", "Public-Key Algorithm" written in black. The fourth one is written in green and reads "Public Key Material" and has the green public key symbol at its right side. The fifth one is again written in black and reads "S2K Usage (Secret Key Encryption)". The sixth item reads "Secret Key Material", written in red and has the red private key symbol at its right side.
|
||||
|
||||
|
|