edit "Additional keystore duties" section

Tammi L. Coles 2023-11-30 17:53:53 +01:00
parent 84ba8afc5c
commit 78b1de81ec


@ -175,11 +175,17 @@ When implementing a keystore based on hardware cryptographic devices like [OpenP
A critical aspect of keystore design involves determining how users address individual key materials. A critical aspect of keystore design involves determining how users address individual key materials.
One common method is using the fingerprint of each component key. The availability of these fingerprints, however, depends on the underlying technology of the keystore. For instance, in software-based private keystores or OpenPGP cards, fingerprints of component keys are usually directly accessible. Key stores relying on generic cryptographic hardware, like TPMs, need to implement their own mechanisms for tracking and managing the fingerprints of each key. One common method is using the fingerprint of each component key. The availability of these fingerprints, however, depends on the underlying technology of the keystore. For instance, in software-based private keystores or OpenPGP cards, fingerprints of component keys are usually readily available. Keystores relying on generic cryptographic hardware, like TPMs, need to implement their own mechanisms for tracking and managing the fingerprints of each key.
### Assorted other duties ### Additional keystore duties
Additionally, a keystore may want to keep track of devices that contain particular component keys. It may need to deal with secrets, such as passphrases of software keys, or PINs of OpenPGP card devices. It may need to notify the user that some interaction is required. For example, some OpenPGP card devices can require touch confirmation to authorize each cryptographic operation. In addition to key management, a keystore often involves various supplementary functions:
- **Tracking devices**: Keystores may track which devices contain particular component keys.
- **Handling secrets**: This involves the management of sensitive information such as passphrases for software keys or PINs for OpenPGP cards.
- **User interaction alerts**: Keystores might also need to prompt users for necessary interactions during certain operations. For example, OpenPGP cards may require user touch confirmation to authorize each cryptographic action.
### Visualizing keystore operations ### Visualizing keystore operations
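Review bot: the new "Handling secrets" bullet says a keystore manages passphrases for software keys and PINs for OpenPGP cards but, like the paragraph it replaces, says nothing about how long it holds them or how it protects them; consider adding a sentence that the keystore should keep such secrets in memory only for the duration of the operation that needs them and clear them afterwards, since caching a card PIN or a key passphrase longer than necessary widens what a compromise of the keystore process exposes. Minor wording: "a keystore often involves various supplementary functions:" reads more naturally as "a keystore often performs several supplementary functions:".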