vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-09 11:19:41 +02:00
Code Issues Projects Releases Packages Wiki Activity

Remove S2K migration section, as it has moved to ch15 in paul-ch15

Browse source
This commit is contained in:
Paul Schaub 2023-12-08 21:09:06 +01:00
parent 11ba97a3f3
commit bc35e695e9
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
1 changed files with 1 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

17
book/source/05-private.md
View file

@ -205,23 +205,8 @@ Understanding KO attacks is crucial due to their potential to compromise the int
Private keys that are protected with [S2K usage mode 253 (AEAD)](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-secret-key-encryption), are not vulnerable to KO attacks. This mode ensures the integrity of the private key by using its unencrypted fields (including the algorithm field) as the *authentication tag* for integrity verification in the decryption process. When an attacker alters the unencrypted part of the packet, then decryption of the private key material will fail, and the user is prevented from e.g. accidentally using the key material with an altered attacker-controlled algorithm.
Note that while S2K usage mode 253 (AEAD) has been introduced in the OpenPGP version 6 specification, it can also be applied to OpenPGP version 4 key material (also see {ref}`s2k_best_practice`).
Note that while S2K usage mode 253 (AEAD) has been introduced in the OpenPGP version 6 specification, it can also be applied to OpenPGP version 4 key material (also see {ref}`migration_s2k`).
#### Resources
For comprehensive information on KO attacks, including background, attack vectors, countermeasures, and technical analyses, visit [KOpenPGP.com](https://www.kopenpgp.com/). It is based on the paper "Victory by KO: Attacking OpenPGP Using Key Overwriting" written by Lara Bruseghini, Daniel Huigens, and Kenneth G. Paterson for the Proceedings of ACM Conference on Computer and Communications Security, Los Angeles, November 2022.
(s2k_best_practice)=
### TSKs: Best practices S2K + S2K migration?
The RFC [recommends](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-avoiding-ciphertext-malleab) that: "Users should migrate to AEAD with all due speed."
In the context of this chapter, this means that encrypted private keys should be upgraded by the user's OpenPGP software to use S2K usage mode 253 (AEAD) to encrypt the user's private key material.
Note that S2K usage mode 253 (AEAD) can be applied to both version 6 and version 4 private keys, with sufficiently up-to-date OpenPGP software. This S2K usage mode is strongly recommended for all private keys.
```{admonition} TODO
:class: warning
Can we make more specific recommendations, e.g. on how to do that?
```